CVE-2018-0449 — Vulnetix

CVE-2018-0449 PUBLISHED CVSS 5.099999904632568 MEDIUM

A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten.

EPSS 0.04% · 11.7th percentile

Risk Scores

CVSS 3.0

5.099999904632568

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

EPSS Score

0.04%

11.7th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Jabber for Mac	n/a
cisco	jabber	12.1\(0\)

Exploit Intelligence

20190109 Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability (circl)
106520 (circl)

Timeline

Jan 9, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Jan 8, 2023 EPSS Score

References

20190109 Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability vendor-advisory
106520 vdb
https://nvd.nist.gov/vuln/detail/CVE-2018-0449 advisory

Open in Interactive Console →