What is CVE-2020-3495?

CVE-2020-3495 is a critical-severity vulnerability in Cisco Jabber, classified under Improper Input Validation. CVSS score: 9.9/10. Published 2020-09-04.

How severe is CVE-2020-3495?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Is CVE-2020-3495 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Cisco Jabber

CVE-2020-3495

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sendi…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.044 (89.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Cisco Jabber — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

20200902 Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3495?: CVE-2020-3495 is a critical-severity vulnerability in Cisco Jabber, classified under Improper Input Validation. CVSS score: 9.9/10. Published 2020-09-04.
How severe is CVE-2020-3495?: Critical severity. CVSS v3 base score is 9.9 out of 10.
Is CVE-2020-3495 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.