CVE-2017-5605
Last modified
CVE-2017-5605 is a vulnerability of currently unknown severity. An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. EPSS estimates a 0.94% chance of exploitation in the next 30 days.
Description
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Movim | Movim | 0.8 |
| Movim | Movim | 0.8.1 |
| Movim | Movim | 0.9 |
| Movim | Movim | 0.10 |
References
- http://openwall.com/lists/oss-security/2017/02/09/29Exploit, Mailing List, Third Party Advisory
- https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/Exploit, Technical Description, Third Party Advisory
- https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdfExploit, Technical Description, Third Party Advisory
- http://openwall.com/lists/oss-security/2017/02/09/29Exploit, Mailing List, Third Party Advisory
- https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/Exploit, Technical Description, Third Party Advisory
- https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdfExploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5605?
How severe is CVE-2017-5605?
How do I fix CVE-2017-5605?
Are you affected by CVE-2017-5605?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST