
Rewterz Threat Advisory – CVE-2022-20917 – Cisco Jabber Client Software Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-20917 

Cisco Jabber Client Software is vulnerable to HTTP request smuggling, caused by improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. By connecting to an XMPP messaging server and sending specially crafted XMPP messages to an affected Jabber client, a remote authenticated attacker could exploit this vulnerability to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.

Impact

Unauthorized Access

Indicators Of Compromise

CVE

  • CVE-2022-20917

Affected Vendors

Cisco

Affected Products

Cisco Jabber Client Software

Remediation

Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.

Cisco Security Advisory