Summary: Cisco Product Security Incident Response Team (PSIRT) recently released patches for a critical privilege escalation vulnerability in Meeting Management, CVE-2025-20156, and a heap-based buffer overflow flaw, CVE-2025-20128, that can terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint Connector. A PoC exploit for the medium-severity vulnerability, CVE-2025-20128, is available according to Cisco. However, Cisco is not aware of any active exploitation of the vulnerability yet, and the flaw was reported by OSS-Fuzz, Google's continuous fuzzing program for open-source software. Therefore, the PoC exploit is unlikely to be published online anytime soon. Cisco Meeting Management is a tool for monitoring and managing meetings running on Cisco Meeting Server, the company's on-premises video meeting platform.
Security Officer Comments: The CVE-2025-20156 flaw exists due to improper authorization enforcement for users of the solution's REST API. This weakness can be exploited remotely by authenticated attackers with low privileges and can be used to elevate privileges to administrator on an affected device, simply by sending API requests to a specific endpoint. The vulnerability affects all Cisco Meeting Management releases up to and including 3.9 (the 3.8 and 3.9 release lines) and does not affect version 3.10. Since there is no available workaround, admins should upgrade to a fixed version (3.9.1) or to the unaffected one (3.10). CVE-2025-20128 is a heap-based buffer overflow bug in the OLE2 file parser used by ClamAV, the open-source anti-malware toolkit maintained by Cisco's Talos cybersecurity division. "An attacker could exploit CVE-2025-20128 by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software," Cisco explained. Cisco Secure Endpoint Connectors for Windows, Linux, and macOS, distributed from Cisco Secure Endpoint Private Cloud, are affected by CVE-2025-20128. Users are advised to implement the security updates as soon as possible.
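The weakness class behind CVE-2025-20156, an authenticated but low-privileged caller reaching a privilege-changing REST endpoint, is easier to reason about with a minimal handler pair in front of you. The following is an added example written for this summary, not Cisco's code, and it does not mirror Cisco Meeting Management's API: the endpoint, role names, session and directory types are all hypothetical. The vulnerable handler checks only that the caller is logged in (authentication); the hardened handler additionally decides the caller's role from server-side state (authorization) and records denied attempts so a defender can alert on them.

```python
# Added example (not Cisco's code). Hypothetical in-memory REST-style handlers
# illustrating "improper authorization enforcement": authentication alone is
# checked in the vulnerable handler, authentication plus authorization in the
# hardened one. Role names, types and the audit record are all constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ADMIN = "admin"
USER = "user"


@dataclass
class Session:
    """A logged-in caller. `role` is what the client *claims*; the hardened
    handler deliberately ignores it and consults the server-side directory."""
    username: str
    role: str


@dataclass
class Directory:
    """Server-side source of truth for roles, plus an audit trail."""
    roles: Dict[str, str] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)


def handle_set_role_vulnerable(d: Directory, session: Optional[Session],
                               target: str, new_role: str) -> Tuple[int, str]:
    """Only authentication is enforced: any logged-in user can promote any
    account, including their own. This is the bug class the advisory
    describes (low-privileged user -> administrator via one API request)."""
    if session is None:
        return 401, "authentication required"
    d.roles[target] = new_role
    return 200, f"{target} is now {new_role}"


def handle_set_role_hardened(d: Directory, session: Optional[Session],
                             target: str, new_role: str) -> Tuple[int, str]:
    """Authentication and authorization. The caller's privilege is read from
    the directory keyed by the session's username, never from the request or
    from a client-supplied role claim, and denials are logged for detection."""
    if session is None:
        return 401, "authentication required"
    if d.roles.get(session.username) != ADMIN:
        # Denied privilege change: worth alerting on, since a burst of these
        # from one low-privileged account is a useful detection signal.
        d.audit.append(f"DENY set_role by={session.username} target={target} "
                       f"requested={new_role}")
        return 403, "forbidden"
    if new_role not in (ADMIN, USER):
        return 400, "unknown role"
    d.roles[target] = new_role
    d.audit.append(f"ALLOW set_role by={session.username} target={target} "
                   f"requested={new_role}")
    return 200, f"{target} is now {new_role}"


def demo() -> Dict[str, str]:
    """Runs both handlers against a constructed directory and returns the
    resulting role of the low-privileged account under each handler."""
    vuln = Directory({"alice": ADMIN, "bob": USER})
    hard = Directory({"alice": ADMIN, "bob": USER})
    bob = Session("bob", USER)
    handle_set_role_vulnerable(vuln, bob, "bob", ADMIN)   # succeeds: bad
    handle_set_role_hardened(hard, bob, "bob", ADMIN)     # 403: good
    return {"vulnerable": vuln.roles["bob"], "hardened": hard.roles["bob"]}


if __name__ == "__main__":
    print(demo())
```

The design point is that the hardened handler never trusts `Session.role`; a server that derives privilege from anything the client can influence has only moved the authorization bug, not fixed it. The audit lines are the hook for detection: repeated `DENY set_role` entries from one account are the signal an operator would want surfaced.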
Suggested Corrections: Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.

The Cisco Support and Downloads page on Cisco[.]com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.
Link(s): https://www.helpnetsecurity.com/2025/01/23/cisco-clamav-cve-2025-20128-meeting-management-cve-2025-20156/