=====================================================================

                              CERT-Renater

                  Information Note No. 2025/VULN038

_____________________________________________________________________

DATE                : 23/01/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Meeting Management versions
                     prior to 3.9.1,
                     Cisco BroadWorks versions prior to RI.2024.11,
                     Secure Endpoint Connector for Linux versions
                     prior to 1.25.1,
                     Secure Endpoint Connector for Mac versions prior
                     to 1.24.4,
                     Secure Endpoint Connector for Windows versions
                     prior to 7.5.20, 8.4.3,
                     Secure Endpoint Private Cloud versions prior to
                     4.2.0 with updated connectors.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2025-January-22.

The following PSIRT security advisories (1 Critical, 1 High, 1 Medium)
were published at 16:00 UTC today.

Table of Contents:

1) Cisco Meeting Management REST API Privilege Escalation
Vulnerability - SIR: Critical

2) Cisco BroadWorks SIP Denial of Service Vulnerability - SIR: High

3) ClamAV OLE2 File Format Decryption Denial of Service
Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Meeting Management REST API Privilege Escalation
Vulnerability

CVE-2025-20156

SIR: Critical

CVSS Score v(3.1): 9.9

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc

+--------------------------------------------------------------------

2) Cisco BroadWorks SIP Denial of Service Vulnerability

CVE-2025-20165

SIR: High

CVSS Score v(3.1): 7.5

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt

+--------------------------------------------------------------------

3) ClamAV OLE2 File Format Decryption Denial of Service
Vulnerability

CVE-2025-20128

SIR: Medium

CVSS Score v(3.1): 5.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
