Cisco Meeting Management REST API Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in the REST API of Cisco Meeting Management, allowing remote, authenticated attackers with low privileges to elevate their privileges to administrator level on affected devices. This issue arises because proper authorization is not enforced for REST API users. Exploitation involves sending API requests to a specific endpoint, which could result in gaining administrator control over edge nodes managed by Cisco Meeting Management.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing attackers to gain administrator-level control on affected devices.

Remediation

Cisco has released software updates that address this vulnerability. For Cisco Meeting Management versions 3.8 and earlier, users should migrate to a fixed release. For version 3.9, users should upgrade to 3.9.1. Version 3.10 is not vulnerable.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.