Cisco Meeting Management vulnerabilities

CVE-2026-20098 [HIGH] CWE-434 CVE-2026-20098: A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an aut A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in certain sections of the web-based management interface. A

CVE-2025-20156 [CRITICAL] CWE-274 CVE-2025-20156: A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated atta A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests

CVE-2024-20507 [MEDIUM] CWE-200 CVE-2024-20507: A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, r A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this v