Wednesday 22nd January 2025
Summary
Cisco released a Security Advisory for a critical vulnerability in the REST API of Cisco Meeting Management. CVE-2025-20156 (CVSS v3.1: 9.9 [Critical]) could allow a remote, authenticated attacker with low privileges to escalate privileges to administrator on affected devices.
Cisco Meeting Manager is used as a management tool for the Cisco Meeting Server platform. The Manager also allows monitoring and management of meetings, and provides license information.
Affected Software
Cisco Meeting Management Release | First Fixed Release |
---|---|
3.8 and earlier | Migrate to a fixed release. |
3.9 | 3.9.1 |
3.10 | Not vulnerable. |