Reference: Advisory #2025-18
Version: 1.0
Affected software: Cisco Meeting Management 3.9 / 3.8 and earlier
Type: Privilege escalation
CVE/CVSS: CVE-2025-20156: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
This vulnerability could allow an attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.
An attacker could then potentially access sensitive information, modify system configuration and disrupt services running on these devices. This could lead to a complete compromise of the affected systems, potentially impacting the confidentiality, integrity, and availability of the managed edge nodes.
A vulnerability in the REST API of Cisco Meeting Management could permit a remote, authenticated attacker with low privileges to escalate their privileges to an administrator on an affected device.
This issue arises due to the lack of proper authorization enforcement for REST API users. An attacker could take advantage of this vulnerability by sending API requests to a designated endpoint.
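The bug class described above (an endpoint that authenticates the caller but never checks whether the caller's role permits the operation) is illustrated by the following added example. It is constructed for this advisory and is not Cisco Meeting Management code: the endpoint path, the user store, the role names and the Request model are all hypothetical. The vulnerable handler and the hardened one do the same work; the only difference is the server-side role check.

```python
"""Missing vs. enforced authorization on a REST endpoint (constructed example)."""
from dataclasses import dataclass, field
from functools import wraps


class Forbidden(Exception):
    """Raised when the caller's server-side role does not allow the operation."""


@dataclass
class Request:
    user: str                      # authenticated principal (already verified upstream)
    path: str                      # hypothetical endpoint, e.g. /api/v1/users/role
    body: dict = field(default_factory=dict)


def sample_users() -> dict:
    """Constructed in-memory user store: one admin, one low-privilege user."""
    return {"alice": {"role": "admin"}, "bob": {"role": "viewer"}}


# --- Vulnerable pattern: authentication only, no authorization ---------------
def set_role_vulnerable(users: dict, req: Request) -> dict:
    """Any authenticated caller may change any user's role. Nothing consults
    the caller's own role, so a viewer can promote themselves to admin."""
    target = req.body["user"]
    users[target]["role"] = req.body["role"]
    return {"user": target, "role": users[target]["role"]}


# --- Hardened pattern: explicit server-side role check on every call ---------
def require_role(*allowed: str):
    """Decorator that rejects the call unless the caller's role, looked up in
    the server-side store (never taken from the request), is in `allowed`."""
    def deco(fn):
        @wraps(fn)
        def wrapper(users: dict, req: Request):
            actual = users.get(req.user, {}).get("role")
            if actual not in allowed:
                raise Forbidden(f"{req.user} ({actual}) may not call {req.path}")
            return fn(users, req)
        return wrapper
    return deco


@require_role("admin")
def set_role_hardened(users: dict, req: Request) -> dict:
    """Same operation as set_role_vulnerable, but only reachable by admins."""
    target = req.body["user"]
    users[target]["role"] = req.body["role"]
    return {"user": target, "role": users[target]["role"]}


if __name__ == "__main__":
    escalate = Request("bob", "/api/v1/users/role", {"user": "bob", "role": "admin"})
    print("vulnerable:", set_role_vulnerable(sample_users(), escalate))
    try:
        set_role_hardened(sample_users(), escalate)
    except Forbidden as e:
        print("hardened:", e)
```

The point of the decorator is that the authorization decision is made once, centrally, from state the server controls; a handler that forgets to apply it is the defect the advisory describes, so in a real code base the check belongs in the routing layer where it cannot be omitted per endpoint.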
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Cisco Meeting Management release version 3.9 (Patched in 3.9.1)
Cisco Meeting Management release versions 3.8 and earlier (Migrate to a fixed release)
Cisco Meeting Management release version 3.10 (Not vulnerable)
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
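The following added example supports both the Patch and the Monitor/Detect sections above. It is not CCB or Cisco tooling. `fix_status()` maps an installed version onto the fixed-release table the advisory gives (3.9 fixed in 3.9.1, 3.8 and earlier to be migrated, 3.10 not vulnerable). `flag_privilege_changes()` scans audit log lines for role changes performed by a non-admin principal, which is the kind of event an authorization-bypass exploitation would leave behind. The log line format, field names and endpoint path are constructed for this example and are not the product's real audit format; adapt the parsing to whatever your appliance or reverse proxy actually logs.

```python
"""Version triage and audit-log review for Advisory #2025-18 (constructed example)."""
import re


def parse_version(v: str) -> tuple:
    """'3.9.1' -> (3, 9, 1). Non-numeric suffixes such as '3.9.1-beta' are dropped."""
    nums = []
    for part in v.strip().split("."):
        m = re.match(r"\d+", part)
        if not m:
            raise ValueError(f"unparseable version component: {part!r}")
        nums.append(int(m.group()))
    return tuple(nums)


def fix_status(version: str) -> str:
    """Classify an installed Cisco Meeting Management version per the advisory."""
    parsed = parse_version(version)
    major_minor = parsed[:2]
    if major_minor == (3, 10):
        return "not vulnerable"
    if major_minor == (3, 9):
        return "fixed" if parsed >= (3, 9, 1) else "vulnerable: upgrade to 3.9.1"
    if major_minor < (3, 9):
        return "vulnerable: migrate to a fixed release"
    return "not covered by this advisory"


# Constructed audit format: "<timestamp> key=value key=value ...".
# Constructed admin-only path prefix; replace with the endpoints your deployment exposes.
ADMIN_ONLY_PATHS = ("/api/v1/users/",)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def parse_line(line: str) -> dict:
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def flag_privilege_changes(lines) -> list:
    """Return findings for write requests to admin-only paths by non-admin callers.
    A 2xx status means the bypass succeeded; anything else is a denied attempt
    that is still worth reviewing."""
    findings = []
    for line in lines:
        f = parse_line(line)
        if f.get("method") not in WRITE_METHODS:
            continue
        if not f.get("path", "").startswith(ADMIN_ONLY_PATHS):
            continue
        if f.get("role") == "admin":
            continue
        status = int(f.get("status", "0"))
        findings.append({
            "ts": f["ts"],
            "user": f.get("user"),
            "role": f.get("role"),
            "path": f["path"],
            "outcome": "succeeded" if 200 <= status < 300 else "denied",
        })
    return findings


# Constructed sample log lines for demonstration only.
SAMPLE_LOG = [
    "2025-01-23T10:00:01Z user=alice role=admin method=PUT path=/api/v1/users/bob/role status=200",
    "2025-01-23T10:00:05Z user=bob role=viewer method=GET path=/api/v1/meetings status=200",
    "2025-01-23T10:00:09Z user=bob role=viewer method=PUT path=/api/v1/users/bob/role status=403",
    "2025-01-23T10:00:12Z user=bob role=viewer method=PUT path=/api/v1/users/bob/role status=200",
]


if __name__ == "__main__":
    for v in ("3.8", "3.9", "3.9.1", "3.10"):
        print(v, "->", fix_status(v))
    for finding in flag_privilege_changes(SAMPLE_LOG):
        print(finding)
```

Because patching does not undo a historic compromise, the log review should cover the period before the fix was applied; a successful finding (a non-admin write to an admin-only path returning 2xx) is the signal to treat the node as compromised and begin incident response rather than just upgrading.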
The Hacker News - https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html