Critical Privilege Escalation in Meeting Management (CVSS 9.9) is fixed by Cisco.

Jan 23, 2025Ravie LakshmananNetwork Security / Risk

Cisco has fixed a critical security flaw that could allow a remote, authenticated attacker to obtain administrator privileges on vulnerable instances.

The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out of 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management.

This vulnerability exists because proper authorization is not enforced on REST API users, the company said in a Wednesday advisory. An attacker could exploit this vulnerability by sending API requests to a specific endpoint.

“A successful exploit could give the attacker administrator-level access to edge nodes managed by Cisco Meeting Management.”

The security flaw was reported by Ben Leonard-Lagarde of Modux. It affects the following versions of the product regardless of device configuration:

  • Cisco Meeting Management release version 3.9 (Patched in 3.9.1)
  • Cisco Meeting Management release versions 3.8 and earlier (Migrate to a fixed release)
  • Cisco Meeting Management release version 3.10 (Not vulnerable)

Cisco has also released patches to remediate a denial-of-service (DoS) flaw affecting BroadWorks that stems from improper memory handling for certain Session Initiation Protocol (SIP) requests (CVE-2025-20165, CVSS score: 7.5). The issue has been fixed in version RI.2024.11.

An attacker could exploit this vulnerability by sending a large number of SIP requests to the system, the statement read.

The attacker may be able to exhaust the memory of the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, which creates a DoS condition that requires manual recovery.

A third vulnerability patched by Cisco (CVSS score: 5.3) is an integer underflow bug impacting the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV that could also result in a DoS condition.

The company, which acknowledged Google OSS-Fuzz for reporting the flaw, said it’s aware of the existence of proof-of-concept (PoC) exploit code, although there is no evidence it has been maliciously exploited in the wild.

CISA and FBI detail Ivanti exploit chains.

The release of the Cisco fixes coincides with U.S. government security and law enforcement agencies publishing technical details of two exploit chains used by nation-state hacking teams to break into Ivanti’s cloud service applications in September 2024.

The flaws are as follows:-

The attack sequences, per the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), involved the abuse of CVE-2024-8963 in conjunction with CVE-2024-8190 and CVE-2024-9380 in one case, and CVE-2024-8963 and CVE-2024-9379 in the other.

It’s worth noting that Fortinet FortiGuard Labs made the first exploit chain public in October 2024. In at least one instance, the threat actors are thought to have moved laterally after gaining an initial foothold.

The second exploit chain has been found to use CVE-2024-8963 in combination with CVE-2024-9379 to get access to the target system, followed by unsuccessful attempts to implant web shells for persistence.

“Threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant web shells on victim systems,” the agencies said. “Credentials and sensitive information stored within the affected Ivanti appliances should be regarded as compromised.”
