Another day, another critical patch. The Register reports:
Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.
Cisco Meeting Management is the management software for the tech giant’s on-premises video meeting platform.
The flaw, tracked as CVE-2025-20156, exists due to a failure to enforce proper authorization for REST API users, and it’s pretty easy to exploit.
“An attacker could exploit this vulnerability by sending API requests to a specific endpoint,” and this could allow admin-level access over edge nodes, which are components of Cisco’s video conferencing infrastructure managed by this tool, the biz warned in a Wednesday security alert.
Read more at The Register.