—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Arbitrary File Upload Vulnerability in CISCO 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

Cisco Meeting Management

Overview

A vulnerability has been reported in Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system.

Successful exploitation of this vulnerability could allow the attacker to must have valid credentials for a user account with at least the role of video operator.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-file-up-kY47n8kK

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-file-up-kY47n8kK

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-file-up-kY47n8kK

CVE Name

CVE-2026-20098

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmG7+wACgkQ3jCgcSdc

ys9iPQ//dGcKKzLMkYBxij+MhTZBNbSdcWgjM1sdXGr759CtVRbwEf+/MPajpmhS

K9lTqQJGcvej6ta750yuYuHDnBvvwNtJa/h8gqGFglqXi+ipDqVSuO2onfJqc8K5

T0PX4K29B8MmL8oiTl447j1CNBYUDjvsuZMwy0t/PE3riPaxiErj0F/Pr54z/ucU

Qn0OKUJuGOUB1KjJjO1bxtqPcdQTKEgtIutk9jXp5At11TL5R13OcyaEf05knac0

VU444W1q4ZtEri1QyZUoiKTHmW7MXsw64F4UBY4JgkUrr5OdSg3l/U9K+7KGx9LE

CfoJpcpZAGPwDlPPfvbT5eQmoWVabTvPH/mR+RB0TwkuwIcXIbB8XSlvqtS237NM

4PwQVPDNrw1vGYcuPNrrfrlsEi4Ezl7znZinuGT60vrJoHmz6o6otFnGmdD+CshY

rOIw70n6FkQbw8pjdXIJC4cbKFRDv8yPQv6I9BAjOhPzKl1LabRNKnJEQl2FcGYy

p+y8q7mUVgUS5Q6sv1pGl4tcKxf/fifJ2/sFmEh4subK13Hv141ABM4WxzedSSGZ

V2Mfu46xrofvORgoOmmYNGMj1/4OctQeQQ3AqbXppoY4Eeah95PbTLbY8tRvfJvS

kGiuDrGG+RMaGJVWDM3M7HSii+6Sg9y4l+AIGyitLTSt/gh5lgg=

=5v5P

—–END PGP SIGNATURE—–