FlagThis

Cisco has issued critical security patches to address vulnerabilities in its ClamAV software and Meeting Management platform. A denial-of-service flaw, identified as CVE-2025-20128, affects ClamAV and can be exploited by submitting a crafted file that terminates the scanning process. Proof-of-concept exploit code is available, although there's no indication it has been used in the wild. This ClamAV vulnerability is due to a heap-based buffer overflow bug within the OLE2 file parser, impacting Cisco Secure Endpoint Connectors for Windows, Linux, and macOS. Cisco advises users to immediately update to ClamAV versions 1.4.2 or 1.0.8 to remediate this threat, since a successful attack could disrupt security workflows by stopping the malware scanning function.

Additionally, a critical privilege escalation vulnerability, CVE-2025-20156, has been discovered in the Cisco Meeting Management REST API. This flaw allows remote authenticated attackers with low privileges to elevate their access to administrator level on affected devices. It stems from improper authorization enforcement within the REST API, enabling attackers to gain control of edge nodes managed by Cisco Meeting Management. The vulnerability impacts versions 3.9 and earlier, but not 3.10. Upgrading to version 3.9.1 or 3.10 is essential as there are no workarounds available. Cisco has released software updates to address this vulnerability, also impacting the Broadworks platform.

ImgSrc: blogger.googleu

References :

• gbhackers.com: Cisco has issued a critical advisory regarding a privilege escalation vulnerability in its Meeting Management REST API.
• securityaffairs.com: Cisco addressed a critical flaw in its Meeting Management that could allow it to gain administrator privileges on vulnerable instances.
• The Hacker News: Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker with low level access
• Pyrzout :vm:: Cisco Meeting Management REST API Privilege Escalation Vulnerability
• ciso2ciso.com: Cisco Meeting Management REST API Privilege Escalation Vulnerability – Source:sec.cloudapps.cisco.com #'Cyber
• www.helpnetsecurity.com: Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw 'tmiss
• The Register - Security: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
• www.heise.de: Cisco: Critical security vulnerability in Meeting Management Cisco warns of a critical vulnerability in Meeting Management as well as vulnerabilities in Broadworks and ClamAV.
• ciso2ciso.com: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
• Pyrzout :vm:: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management – Source: go.theregister.com
• ciso2ciso.com: The article highlights a critical vulnerability in Cisco's Meeting Management tool.
• jbz: Patch now: Cisco fixes critical Meeting Management flaw —The Register
• The Register: The story focuses on a 9.9-rated vulnerability in Cisco Meeting Management, highlighting potential remote code execution risks.
• heise online English: This discusses the vulnerability in Cisco's Meeting Management software.
• www.theregister.com: Patch now: Cisco fixes critical Meeting Management flaw —The Register
• jbz: Patch now: Cisco fixes critical Meeting Management flaw —The Register ï½¢ "An attacker could exploit this vulnerability by sending API requests to a specific endpoint," and this could allow admin-level access over edge nodes, which are components of Cisco's video conferencing infrastructure managed by this tool, the biz warned in a Wednesday security alert ï½£
• The Register - Security: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management – Source: go.theregister.com

Classification:

• HashTags: #Cisco #Vulnerability #ClamAV
• Company: Cisco
• Target: Cisco users
• Product: ClamAV
• Feature: Security Patch
• Type: Vulnerability
• Severity: Major