ID

VAR-202501-3155


CVE

CVE-2025-20156


TITLE

Insufficient privilege handling vulnerability in Cisco Systems Cisco Meeting Management

Trust: 0.8

sources: JVNDB: JVNDB-2025-010574

DESCRIPTION

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management. Cisco Systems Cisco Meeting Management contains a vulnerability related to improper handling of insufficient privileges. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco Meeting Management is software used by Cisco to manage and schedule meetings.

Trust: 2.16

sources: NVD: CVE-2025-20156 // JVNDB: JVNDB-2025-010574 // CNVD: CNVD-2025-02825

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02825

AFFECTED PRODUCTS

vendor: cisco
model: meeting management
scope: lt
version: 3.9.1

Trust: 1.0

vendor: Cisco Systems
model: cisco meeting management
scope: eq
version: -

Trust: 0.8

vendor: Cisco Systems
model: cisco meeting management
scope: eq
version: 3.9.1

Trust: 0.8

vendor: cisco
model: meeting management
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2025-02825 // JVNDB: JVNDB-2025-010574 // NVD: CVE-2025-20156

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2025-20156
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-010574
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-02825
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-02825
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@cisco.com: CVE-2025-20156
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-010574
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02825 // JVNDB: JVNDB-2025-010574 // NVD: CVE-2025-20156

PROBLEMTYPE DATA

problemtype:CWE-274

Trust: 1.0

problemtype:Improper handling of insufficient privileges (CWE-274) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-010574 // NVD: CVE-2025-20156

PATCH

title: cisco-sa-clamav-ole2-H549rphA Cisco Security Advisory
url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

Trust: 0.8

title: Patch for Cisco Meeting Management Privilege Escalation Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/654736

Trust: 0.6

sources: CNVD: CNVD-2025-02825 // JVNDB: JVNDB-2025-010574

EXTERNAL IDS

db: NVD
id: CVE-2025-20156

Trust: 3.2

db: JVNDB
id: JVNDB-2025-010574

Trust: 0.8

db: CNVD
id: CNVD-2025-02825

Trust: 0.6

sources: CNVD: CNVD-2025-02825 // JVNDB: JVNDB-2025-010574 // NVD: CVE-2025-20156

REFERENCES

url:https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

Trust: 2.4

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-ole2-h549rpha

Trust: 1.6

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cmm-privesc-uy2vf8pc

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2025-20156

Trust: 0.8

sources: CNVD: CNVD-2025-02825 // JVNDB: JVNDB-2025-010574 // NVD: CVE-2025-20156

SOURCES

db: CNVD
id: CNVD-2025-02825

db: JVNDB
id: JVNDB-2025-010574

db: NVD
id: CVE-2025-20156

LAST UPDATE DATE

2025-08-06T23:21:49.625000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2025-02825
date: 2025-02-13T00:00:00

db: JVNDB
id: JVNDB-2025-010574
date: 2025-08-05T00:48:00

db: NVD
id: CVE-2025-20156
date: 2025-08-01T15:52:09.427

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2025-02825
date: 2025-02-11T00:00:00

db: JVNDB
id: JVNDB-2025-010574
date: 2025-08-05T00:00:00

db: NVD
id: CVE-2025-20156
date: 2025-01-22T17:15:12.800