Cisco’s Meeting Management tool has a critical vulnerability with a 9.9 severity rating that could allow a remote attacker with low privileges to gain admin-level access via an API exploit. Cisco has addressed the vulnerability with a patch, but it highlights the risks in managing network and video infrastructure and the importance of applying security updates promptly.
The rapid patching of this vulnerability shows that Cisco is responding to threats, but it also shows that attacks of this kind are a common risk in modern infrastructure. The high severity rating underscores the potential impact on organizations using this technology.
BeyondTrust has experienced a security incident in which hackers breached its Remote Support SaaS instances by exploiting an API key, allowing for account password resets. Two critical vulnerabilities were discovered and patched: a command injection (CVE-2024-12356) and an escalation of privilege (CVE-2024-12686). This incident highlights the risks associated with API key compromise and the importance of proper security measures for SaaS platforms and privileged access management solutions.