2025-01-30 15:14:21 Pacfic
Critical Cisco Meeting Management Bug Fixed - 6d
Cisco has released a critical patch for a high-severity vulnerability in its Meeting Management tool, which has been given a rating of 9.9. The vulnerability, identified as CVE-2025-20156, could allow a remote attacker with low privileges to gain admin-level access to affected devices. This exploit is achieved by sending specific API requests to a designated endpoint, thus bypassing access control protocols on the system. This flaw primarily affects edge nodes, which are critical components of Cisco's video conferencing infrastructure managed by the tool. Cisco has acknowledged the vulnerability and issued an alert, urging customers to apply the patch immediately.
The vulnerability impacts most versions of Cisco Meeting Management, with the exception of version 3.10. Users with earlier releases, 3.8 and below, will need to migrate to a supported version. Specifically, release 3.9 should be upgraded to version 3.9.1. Although there have been no confirmed reports of the exploit being used in the wild yet, Cisco encourages all users to update as soon as possible, as a Proof-of-Concept (PoC) exploit could surface at any time. The discovery of this flaw was credited to Modux bug hunter Ben Leonard-Lagarde.
ImgSrc: blogger.googleusercontent.com
References:
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Cisco has issued a critical advisory regarding a privilege escalation vulnerability in its Meeting Management REST API. - 6d
- Security Archives - Security Affairs - Cisco addressed a critical flaw in its Meeting Management that could allow it to gain administrator privileges on vulnerable instances. - 6d
- The Hacker News - Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker with low level access - 6d
- @jos1264 - Cisco Meeting Management REST API Privilege Escalation Vulnerability - 6d
- ciso2ciso.com - Cisco Meeting Management REST API Privilege Escalation Vulnerability – Source:sec.cloudapps.cisco.com #'Cyber - 6d
- www.helpnetsecurity.com - Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw 'tmiss - 6d
- The Register - Security: Patches - Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management - 6d
- www.heise.de - Cisco: Critical security vulnerability in Meeting Management Cisco warns of a critical vulnerability in Meeting Management as well as vulnerabilities in Broadworks and ClamAV. - 6d
- ciso2ciso.com - Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management - 5d
- @jos1264 - Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management – Source: go.theregister.com - 5d
- CISO2CISO.COM & CYBER SECURITY GROUP - The article highlights a critical vulnerability in Cisco's Meeting Management tool. - 5d
- @jbz - Patch now: Cisco fixes critical Meeting Management flaw —The Register 「 "An attacker could exploit this vulnerability by sending API requests to a specific endpoint," and this could allow - 5d
- @theregister - The story focuses on a 9.9-rated vulnerability in Cisco Meeting Management, highlighting potential remote code execution risks. - 4d
- @heiseonlineenglish - This discusses the vulnerability in Cisco's Meeting Management software. - 4d
- www.theregister.com - Patch now: Cisco fixes critical Meeting Management flaw —The Register - 4d
- @theregister - Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug No in-the-wild exploits … yet Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that co - 4d
- @jbz - Patch now: Cisco fixes critical Meeting Management flaw —The Register 「 "An attacker could exploit this vulnerability by sending API requests to a specific endpoint," and this could allow - 3d
- The Register - Security: Cyber-crime - Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management – Source: go.theregister.com - 3d
Classification:
- HashTags: Cisco Vulnerability MeetingManagement
- Company: Cisco
- Target: Cisco Meeting Management
- Product: Meeting Management
- Feature: Admin Access
- Type: Vulnerability
- Severity: Major