Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

2025-01-23 06:21

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This

News URL

https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html

#cisco #critical #CVS #cvss #management #CVE-2025-20156

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-22	CVE-2025-20156	A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. network low complexity CWE-276 critical	9.9

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		2047	21	1773	1669	288	3751

News URL

Related news

Related Vulnerability

Related vendor