Cisco Meeting Management vulnerabilities

CVE-2026-20098 [HIGH] CWE-434 CVE-2026-20098: A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an aut A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in certain sections of the web-based management interface. A

CVE-2025-20156 [CRITICAL] CWE-274 CVE-2025-20156: A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated atta A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests

CVE-2024-20507 [MEDIUM] CWE-200 CVE-2024-20507: A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, r A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this v

CVE-2018-5390 [HIGH] CWE-400 CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() an Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.