Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management

January 24, 2025

Another day, another critical patch. The Register reports:

Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.

Cisco Meeting Management is the management software for the tech giant’s on-premises video meeting platform.

The flaw, tracked as CVE-2025-20156, exists due to a failure to enforce proper authorization for REST API users, and it’s pretty easy to exploit.

“An attacker could exploit this vulnerability by sending API requests to a specific endpoint,” and this could allow admin-level access over edge nodes, which are components of Cisco’s video conferencing infrastructure managed by this tool, the biz warned in a Wednesday security alert.

Read more at The Register.