CyberSecurity news

Divya@gbhackers.com //
Cisco has released a critical patch for a high-severity vulnerability in its Meeting Management tool, which has been given a rating of 9.9. The vulnerability, identified as CVE-2025-20156, could allow a remote attacker with low privileges to gain admin-level access to affected devices. The flaw is exploited by sending specific API requests to a designated endpoint, which bypasses the system's access controls. It primarily affects edge nodes, which are critical components of Cisco's video conferencing infrastructure managed by the tool. Cisco has acknowledged the vulnerability and issued an alert urging customers to apply the patch immediately.




The vulnerability impacts most versions of Cisco Meeting Management, with the exception of version 3.10. Users on earlier releases, 3.8 and below, will need to migrate to a supported version. Release 3.9 should be upgraded to version 3.9.1. Although there have been no confirmed reports of exploitation in the wild yet, Cisco encourages all users to update as soon as possible, as a Proof-of-Concept (PoC) exploit could surface at any time. The discovery of this flaw was credited to Modux bug hunter Ben Leonard-Lagarde.


References :
  • ciso2ciso.com: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management – Source: go.theregister.com
  • The Register: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug No in-the-wild exploits … yet Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.…
  • jbz: Patch now: Cisco fixes critical Meeting Management flaw —The Register ｢ "An attacker could exploit this vulnerability by sending API requests to a specific endpoint," and this could allow admin-level access over edge nodes, which are components of Cisco's video conferencing infrastructure managed by this tool, the biz warned in a Wednesday security alert ｣
  • Pyrzout :vm:: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management – Source: go.theregister.com
  • ciso2ciso.com: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
  • www.theregister.com: Patch now: Cisco fixes critical Meeting Management flaw —The Register
Classification:
  • HashTags: #Cisco #Vulnerability #MeetingManagement
  • Company: Cisco
  • Target: Cisco Meeting Management
  • Product: Meeting Management
  • Feature: Admin Access
  • Type: Vulnerability
  • Severity: Major