Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

2025-01-23 06:21

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This

News URL

https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html

#cisco #critical #CVS #cvss #management #CVE-2025-20156

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-22	CVE-2025-20156	A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. CWE-274	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		2047	21	1773	1670	288	3752

News URL

Related news

Related Vulnerability

Related vendor