Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

2025-01-23 12:57

Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint Connector. Proof-of-concept (PoC) exploit code for CVE-2025-20128 is available, Cisco said, but the company is not aware of the vulnerability being exploited in the wild. Credit for reporting the flaw has been given to OSS-Fuzz, Google’s continuous fuzzing … More → The post Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw appeared first on Help Net Security.

News URL

https://www.helpnetsecurity.com/2025/01/23/cisco-clamav-cve-2025-20128-meeting-management-cve-2025-20156/

#cisco #critical #management #POC #vulnerability #CVE-2025-20156 #CVE-2025-20128

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-22	CVE-2025-20156	A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. network low complexity CWE-276 critical	9.9
2025-01-22	CVE-2025-20128	A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. network low complexity CWE-120	5.3

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		2047	21	1773	1669	288	3751
Clamav		1	1	18	22	7	48

News URL

Related news

Related Vulnerability

Related vendor