Summary: Cisco has issued critical software updates to address a privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management system that allows remote attackers to gain administrator access. Additionally, patches were released for a denial-of-service (DoS) flaw in BroadWorks and an integer underflow bug in ClamAV. The vulnerabilities highlight ongoing security challenges faced by organizations using Cisco products.
Threat Actor: Nation-state hacking crews
Victim: Ivanti
Keypoints:
- Cisco Meeting Management vulnerability (CVE-2025-20156) has a CVSS score of 9.9 and allows unauthorized admin access.
- Denial-of-service vulnerability in BroadWorks (CVE-2025-20165) can exhaust memory, leading to service outages.
- U.S. agencies reported exploit chains targeting Ivanti’s cloud services, involving multiple vulnerabilities for remote code execution and credential theft.
Source: https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html