CVE-2025-20156 (CNNVD-202501-3280)
中文标题:
Cisco Meeting Management 安全漏洞
英文标题:
Cisco Meeting Management Client-Server Privilege Escalation Vulnerability
漏洞描述
中文描述:
Cisco Meeting Management(CMM)是美国思科(Cisco)公司的一个 Cisco 本地视频会议平台 Cisco Meeting Server 的管理工具。 Cisco Meeting Management存在安全漏洞,该漏洞源于REST API用户授权不足,导致低权限认证远程攻击者可通过发送API请求到特定端点提升至管理员权限。
英文描述:
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Meeting Management | CMM3.4.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.4.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM3.2.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.2.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM2.9.1 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm2.9.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM2.9.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm2.9.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM3.1.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.1.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM3.5.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.5.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM3.6.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.6.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM3.6.1 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.6.1:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM3.7.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.7.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM3.8.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.8.0:*:*:*:*:*:*:*
|
| Cisco | Cisco Meeting Management | CMM3.9.0 | - | - |
cpe:2.3:a:cisco:cisco_meeting_management:cmm3.9.0:*:*:*:*:*:*:*
|
| cisco | meeting_management | * | - | - |
cpe:2.3:a:cisco:meeting_management:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (cna)
CRITICALCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-20156 |
2025-11-11 15:23:05 | 2025-11-11 07:40:08 |
| NVD | nvd_CVE-2025-20156 |
2025-11-11 15:00:40 | 2025-11-11 07:47:58 |
| CNNVD | cnnvd_CNNVD-202501-3280 |
2025-11-11 15:11:59 | 2025-11-11 07:59:28 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202501-3280
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 11 -> 12
- data_sources: ['cve'] -> ['cve', 'nvd']