Cisco Family January 2025 First Round Security Update Advisory
Overview
Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in its products. Users of affected systems are advised to update to the latest version.
Affected Products
Cisco BroadWorks RI.2024.11 and earlier versions
Cisco Meeting Management 3.8 or below
Cisco Meeting Management 3.9 and earlier
Cisco Unified Industrial Wireless 17.14 or below
Cisco Unified Industrial Wireless 17.15 and earlier
Resolved Vulnerabilities
Privilege Escalation Vulnerability in the REST API in Cisco Meeting Management (CVE-2025-20156, CVSS 9.9) [1]
Denial of Service Vulnerability in SIP in Cisco BroadWorks (CVE-2025-20165, CVSS 7.5) [2]
Command Injection Vulnerability in the web-based management interface of Cisco Unified Industrial Wireless software (CVE-2025-20418) [3]
Vulnerability Patches
Cisco BroadWorks RI.2024.11 Versions
Cisco Meeting Management 3.8 or below: migrate to the corrected release
Cisco Meeting Management 3.9.1
Cisco Unified Industrial Wireless 17.14 or below: migrate to the revised release (17.15.1)
Cisco Unified Industrial Wireless 17.15.1
Product-specific vulnerability patches were made available in the 01/22/2025 update. Please refer to ‘Affected Products’ and ‘Fixed Software’ in the product-specific information at the Referenced Sites below to apply the patches.
Referenced Sites
[1] Cisco Meeting Management REST API Privilege Escalation Vulnerability
[2] Cisco BroadWorks SIP Denial of Service Vulnerability
[3] Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs