Login Sign Up

CVE-2020-26085

9.9 CRITICAL
Remote Code Execution

📋 TL;DR

This critical vulnerability in Cisco Jabber allows attackers to execute arbitrary programs with elevated privileges or access sensitive information. It affects Cisco Jabber for Windows, macOS, and mobile platforms. Organizations using vulnerable versions of Cisco Jabber are at risk.

💻 Affected Systems

Products:
  • Cisco Jabber for Windows
  • Cisco Jabber for macOS
  • Cisco Jabber for mobile platforms
Versions: Multiple versions prior to patched releases
Operating Systems: Windows, macOS, iOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

Jabber by Cisco

View all CVEs affecting Jabber →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of affected devices, accessing sensitive communications, and moving laterally through the network.

🟠

Likely Case

Attacker gains access to sensitive Jabber communications and user credentials, potentially leading to data theft and further network compromise.

🟢

If Mitigated

Limited impact with proper network segmentation and endpoint protection preventing lateral movement and data exfiltration.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires some user interaction or network access to the Jabber client.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Cisco advisory for specific patched versions per platform

Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO

Restart Required: Yes

Instructions:

1. Review Cisco advisory for affected versions. 2. Download and install the latest patched version from Cisco. 3. Restart all Jabber clients. 4. Verify installation and functionality.

🔧 Temporary Workarounds

Network segmentation

all

Isolate Jabber clients from sensitive systems and limit network access

Endpoint protection

all

Deploy endpoint detection and response (EDR) to monitor for suspicious activity

🧯 If You Can't Patch

  • Disable or uninstall Cisco Jabber on affected systems
  • Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Jabber client version against affected versions listed in Cisco advisory

Check Version:

In Jabber: Help > About Jabber (Windows/macOS) or check app version in mobile settings

Verify Fix Applied:

Verify Jabber client version is updated to patched version specified in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Jabber
  • Suspicious file access patterns
  • Authentication anomalies

Network Indicators:

  • Unusual outbound connections from Jabber clients
  • Suspicious protocol usage

SIEM Query:

Process creation where parent process contains 'jabber' AND (command line contains suspicious patterns OR destination IP is external)

📊 Metadata

CVE ID: CVE-2020-26085
CVSS v3 Score: 9.9 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-201
Published: January 7, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-26085, you might also want to check these:

CVE-2020-27127 9.9

This critical vulnerability in Cisco Jabber allows attackers to execute arbitrary code with elevated...

Same vulnerability type (CWE-201)
CVE-2020-27133 9.9

CVE-2020-27133 is a critical vulnerability in Cisco Jabber that allows attackers to execute arbitrar...

Same vulnerability type (CWE-201)
CVE-2025-48749 9.1

Netwrix Directory Manager (formerly Imanami GroupID) versions 11.0.0.0 and earlier, and versions aft...

Same vulnerability type (CWE-201)