What is CVE-2020-3537?

CVE-2020-3537 is a medium-severity vulnerability in Cisco Jabber, classified under Information Disclosure. CVSS score: 5.7/10. Published 2020-09-04.

How severe is CVE-2020-3537?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Is CVE-2020-3537 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Cisco Jabber

CVE-2020-3537

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this…

Vulnerability class: Information Disclosure

EPSS: 0.004 (58.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.

Affected products

Cisco Jabber — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

20200902 Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3537?: CVE-2020-3537 is a medium-severity vulnerability in Cisco Jabber, classified under Information Disclosure. CVSS score: 5.7/10. Published 2020-09-04.
How severe is CVE-2020-3537?: Medium severity. CVSS v3 base score is 5.7 out of 10.
Is CVE-2020-3537 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.