Thursday , January 23 2025
Privilege Escalation

CVE-2025-20156
Cisco Fixes Meeting Management Allowing Privilege Escalation

infosecbulletin 2 hours ago Uncategorized

Cisco has released a security advisory concerning a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management software. With a daunting CVSS score of 9.9, this vulnerability poses a significant risk, as it could enable remote, authenticated attackers with minimal privileges to elevate their access to administrator status on compromised devices.

Cisco warns, “A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.”

Account Credentials for Security Vendors Found on Dark Web: Cyble Report

By infosecbulletin / Thursday , January 23 2025
# "While many leaked security credentials belong to customers, some exposed sensitive accounts suggest that security vendors too have been...
Read More
Account Credentials for Security Vendors Found on Dark Web: Cyble Report

Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

By infosecbulletin / Thursday , January 23 2025
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory...
Read More
Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

By infosecbulletin / Thursday , January 23 2025
GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition...
Read More
GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

CVE-2025-20156
Cisco Fixes Meeting Management Allowing Privilege Escalation

By infosecbulletin / Thursday , January 23 2025
Cisco has released a security advisory concerning a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management software. With a...
Read More
CVE-2025-20156 Cisco Fixes Meeting Management Allowing Privilege Escalation

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

By infosecbulletin / Wednesday , January 22 2025
Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The...
Read More
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

Daily Security Update Dated: 21.01.2025

By infosecbulletin / Tuesday , January 21 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 21.01.2025

126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems

By infosecbulletin / Tuesday , January 21 2025
Ubuntu 22.04 LTS users are advised to update their systems right away due to a crucial security patch from Canonical...
Read More
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems

CERT-UA alerts about “security audit” requests through AnyDesk

By infosecbulletin / Tuesday , January 21 2025
Attackers are pretending to be Ukraine's Computer Emergency Response Team (CERT-UA) using AnyDesk to access target computers. “Unidentified individuals are...
Read More
CERT-UA alerts about “security audit” requests through AnyDesk

Oracle Critical Pre-Release update addressed 320 flaw

By infosecbulletin / Tuesday , January 21 2025
Oracle Critical Patch Update Pre-Release Announcement shares details about the upcoming update scheduled for January 21, 2025. Note that this...
Read More
Oracle Critical Pre-Release update addressed 320 flaw

OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

By infosecbulletin / Tuesday , January 21 2025
OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the...
Read More
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

This vulnerability affects all versions of Cisco Meeting Management prior to the fixed release. Exploitation of this issue could give attackers significant control over systems, potentially disrupting business operations.

The following software releases are impacted:

Versions 3.8 and earlier: Users are advised to migrate to a fixed release.
Version 3.9: Patched in version 3.9.1.
Version 3.10: Not vulnerable.

Cisco has confirmed that there are no workarounds available to mitigate this vulnerability. The only solution is to apply the necessary software updates. Users are advised to consult the advisory for detailed information on affected and fixed releases.

Cisco has provided free software updates to address the CVE-2025-20156 vulnerability. Customers with valid service contracts can access these updates via their regular update channels. Users without service contracts are advised to contact Cisco’s Technical Assistance Center (TAC) to obtain the necessary upgrades. For seamless updates, Cisco recommends verifying hardware compatibility and ensuring sufficient memory for the new software release.

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

Check Also

Intel

Intel holds 22 employees from one Bangladeshi University

Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin