Cisco has addressed a critical severity remote code execution vulnerability affecting multiple versions of its Cisco Jabber for Windows software. The Cisco Product Security Incident Response Team says the flaw is not currently exploited in the wild. The security flaw tracked as CVE-2020-3495 received an almost maximum 9.9 CVSS base score from Cisco and it is caused by improper input validation of incoming messages’ contents. The vulnerability was found and reported by Watchcom’s Olav Sortland Thoresen of Watchcom.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-code-execution-bug-in-jabber-for-windows/