Critical Cisco Flaw Lets Attackers Seize Admin Control of Meeting Systems – Patch Now

Critical Security Updates Released for Cisco Meeting Management

Cisco has patched a critical vulnerability in its Meeting Management software that could allow a remote, authenticated attacker with only low privileges to elevate to administrator. The flaw, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out of 10.

Key Vulnerability Details:
– Root cause: a lack of proper authorization checks enforced on REST API users of Cisco Meeting Management
– Impact: successful exploitation gives administrator-level control over the edge nodes that Cisco Meeting Management manages
– Affected releases: 3.9 and all earlier releases (3.9 is fixed in 3.9.1; earlier releases should migrate to a fixed release)
– Release 3.10 is not affected
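A practical check worth getting right when triaging this one: deciding whether an installed release falls inside the affected range. The ranges above have a trap, because a lexical string comparison sorts "3.10" before "3.9" and would wrongly flag the unaffected 3.10 train. The following is an added example written for this page, not Cisco tooling; it assumes plain dotted-numeric version strings and encodes only the range the summary above states.

```python
# Added example (not Cisco code): classify a Cisco Meeting Management release
# against the CVE-2025-20156 range stated above: 3.9 and earlier are affected,
# 3.9.1 is the first fixed build in the 3.9 train, and 3.10 was never affected.
from typing import Tuple

FIXED_RELEASE = (3, 9, 1)          # first fixed build in the 3.9 train
FIRST_UNAFFECTED_TRAIN = (3, 10)   # 3.10 and later were never affected


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.9.1' into (3, 9, 1).

    Anything non-numeric is rejected so a malformed string is reported
    instead of being silently compared against the affected range.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def cmm_is_affected(version: str) -> bool:
    """True if this Meeting Management release is in the affected range."""
    v = parse_version(version)
    # Pad to three components so '3.9' compares equal to '3.9.0'.
    v3 = (v + (0, 0, 0))[:3]
    if v3[:2] >= FIRST_UNAFFECTED_TRAIN:
        return False             # 3.10 and later: never affected
    return v3 < FIXED_RELEASE    # 3.9.0 and everything earlier: affected


def naive_string_compare_is_affected(version: str) -> bool:
    """The mistake this example exists to show: comparing version strings
    lexically puts '3.10' before '3.9.1' and misclassifies it as affected."""
    return version < "3.9.1"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, release in [("cmm-a", "3.8.2"), ("cmm-b", "3.9"),
                          ("cmm-c", "3.9.1"), ("cmm-d", "3.10")]:
        print(f"{host}: {release} affected={cmm_is_affected(release)} "
              f"naive={naive_string_compare_is_affected(release)}")
```

Run it against an inventory export and only the hosts reported as affected need the 3.9.1 upgrade or migration; the naive column shows how a string comparison would also flag the 3.10 host.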

Additional Security Updates:
1. BroadWorks Platform:
– Denial-of-service vulnerability (CVE-2025-20165, CVSS 7.5)
– Caused by improper memory handling of certain SIP requests; a flood of crafted SIP requests can exhaust memory and force the affected process to restart
– Fixed in release RI.2024.11

2. ClamAV:
– Integer underflow vulnerability (CVE-2025-20128, CVSS 5.3) in the OLE2 decryption routine
– A crafted file could crash the scanning process (denial of service)
– Proof-of-concept code exists; no active exploitation has been reported

Related Ivanti Security Alert:
CISA and the FBI have disclosed two exploit chains used against Ivanti Cloud Service Appliance (CSA) deployments:
– First chain: CVE-2024-8963 combined with CVE-2024-8190 and CVE-2024-9380
– Second chain: CVE-2024-8963 combined with CVE-2024-9379
– Attackers used the chains to gain initial access, execute code remotely, steal credentials and implant web shells on victim networks

Organizations running affected releases are urged to move to the fixed releases listed above without delay.