Cisco Critical Vulnerability – Cisco Meeting Management

Wednesday 22nd January 2025

Summary

Cisco released a Security Advisory for a critical vulnerability in the REST API of Cisco Meeting Management. CVE-2025-20156 (CVSS v3.1: 9.9 [Critical]) could allow a remote, authenticated attacker with low privileges to escalate privileges to administrator on affected devices.

Cisco Meeting Manager is used as a management tool for the Cisco Meeting Server platform. The Manager also allows monitoring and management of meetings, and provides license information.

Affected Software

| Cisco Meeting Management Release | First Fixed Release |
| --- | --- |
| 3.8 and earlier | Migrate to a fixed release. |
| 3.9 | 3.9.1 |
| 3.10 | Not vulnerable. |