[Security Vulnerability Alert] Cisco Meeting Management has a critical security vulnerability (CVE-2026-20098)

Published by: Digital Services Section, Office of Library and Information Services
Date range: 2026/2/9 ~ 2026/8/9
 

Forwarded from the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC): Security Alert TWCERTCC-200-202602-00000003

[Content Description]
Cisco Meeting Management provides an administrator web interface for monitoring and managing video conferences, including adding and removing participants, muting, changing the screen layout, and starting recordings.

Cisco recently released a major security advisory (CVE-2026-20098, CVSS: 8.8) for an arbitrary file upload vulnerability. It could allow an authenticated remote attacker to upload arbitrary files, execute arbitrary commands, and escalate privileges to root on the affected system.

Note: To exploit this vulnerability, an attacker must have valid user credentials with at least the video operator role.

[Affected Platforms]
Cisco Meeting Management 3.12 and earlier versions

[Recommended Actions]
Update to the following version:
Cisco Meeting Management 3.12.1 MR or later

[References]
1. https://www.twcert.org.tw/tw/cp-169-10695-3f9b6-1.html

