What is CVE-2020-3430?

CVE-2020-3430 is a high-severity vulnerability in Cisco Jabber, classified under OS Command Injection. CVSS score: 8.8/10. Published 2020-09-04.

How severe is CVE-2020-3430?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2020-3430 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Cisco Jabber

CVE-2020-3430

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the applicat…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.053 (90.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Cisco Jabber — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

20200902 Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3430?: CVE-2020-3430 is a high-severity vulnerability in Cisco Jabber, classified under OS Command Injection. CVSS score: 8.8/10. Published 2020-09-04.
How severe is CVE-2020-3430?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2020-3430 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.