Cisco: Critical security vulnerability in Meeting Management

Cisco warns of a critical vulnerability in Meeting Management as well as vulnerabilities in Broadworks and ClamAV.

[Image: a stack of burning Cisco appliances. Caption: Vulnerabilities threaten Cisco devices. (Image: created with AI in Bing Designer by heise online / dmk)]

Cisco warns of a critical security vulnerability in Meeting Management. The manufacturer has also closed vulnerabilities in Broadworks and ClamAV with security updates.

The most serious vulnerability affects the REST API of Cisco's Meeting Management. “A vulnerability in the Cisco Meeting Management REST API allows remote authenticated attackers with low privileges to elevate their privileges on affected devices to Administrator,” writes Cisco in the security advisory (CVE-2025-20156, CVSS 9.9, risk “critical”).

The vulnerability stems from the fact that proper authorization of REST API users is not enforced. Attackers can abuse the flaw by sending crafted API requests to affected endpoints. If successful, attackers can gain admin-level control over edge nodes managed with Cisco's Meeting Management. Version 3.10 is not affected by the vulnerability; for version 3.9, the update to Cisco Meeting Management 3.9.1 is available. Anyone still using version 3.8 or older should migrate to a supported version.


A denial-of-service vulnerability affects Cisco Broadworks. The company writes in a security advisory that unauthenticated attackers from the network can stall the processing of incoming SIP requests in the SIP processing subsystem (CVE-2025-20165, CVSS 7.5, high). Memory handling for certain SIP requests is insufficient, which attackers can abuse by sending a large number of SIP requests to exhaust the memory that Cisco Broadworks reserves for processing SIP traffic. Once no more memory is available, the network servers no longer process incoming requests. The error has been corrected as of version RI.2024.11 of Cisco Broadworks.

The ClamAV virus scanner can read past buffer limits when processing OLE2 streams (Object Linking and Embedding 2, an aged container format that was considered modern in the early 1990s) due to an integer underflow in a boundary check during reading, which apparently leads to a crash. Unauthenticated attackers from the network can send manipulated files to a system scanning with ClamAV and thus provoke a denial-of-service situation (CVE-2025-20128, CVSS 5.3, medium).

Cisco uses ClamAV in Secure Endpoint Connector and Private Cloud, where the risk rating rises to CVSS 6.9, still medium risk. Secure Endpoint Connector for Linux 1.25.1, for Mac 1.24.4, for Windows 7.5.20 and 8.4.3, as well as Private Cloud 4.2.0 with updated connectors, fix the flaw. Cisco points out that the developers are aware of proof-of-concept exploit code for this vulnerability; however, there have been no reports of its use in malicious attacks to date.
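The ClamAV flaw is described as an integer underflow in a boundary check that lets a read run past the end of a buffer. The following constructed illustration of that bug class is an added example, not ClamAV's code: the record header, field names and sizes are assumed, and it shows a wrapping check beside its hardened form.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed toy header for a record inside a parsed stream: the record
 * starts at `offset` and claims to span `len` bytes. (Constructed; not
 * the real OLE2 layout.) */
struct stream_hdr {
    uint32_t offset;
    uint32_t len;
};

/* Vulnerable check: `buf_size - offset` is unsigned arithmetic. When a
 * crafted header sets offset > buf_size, the subtraction wraps to a huge
 * value, the comparison passes, and a later read of `len` bytes at
 * `offset` runs past the buffer. Returns 1 when the record is accepted. */
int vuln_check(const struct stream_hdr *h, size_t buf_size) {
    size_t remaining = buf_size - h->offset;   /* wraps if offset > buf_size */
    return h->len <= remaining;
}

/* Hardened check: reject an offset beyond the buffer before subtracting,
 * so `buf_size - offset` can never wrap; then bound `len` by what is left. */
int safe_check(const struct stream_hdr *h, size_t buf_size) {
    if (h->offset > buf_size)
        return 0;
    return h->len <= buf_size - h->offset;
}

int main(void) {
    size_t buf_size = 64;                              /* constructed buffer */
    struct stream_hdr crafted = { .offset = 0x100, .len = 16 };
    struct stream_hdr normal  = { .offset = 48,    .len = 16 };

    printf("crafted header: vuln_check=%d safe_check=%d\n",
           vuln_check(&crafted, buf_size), safe_check(&crafted, buf_size));
    printf("normal header:  vuln_check=%d safe_check=%d\n",
           vuln_check(&normal, buf_size), safe_check(&normal, buf_size));
    return 0;
}
```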

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.