Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202602-00000003

[Content Description]
Cisco Meeting Management provides an administrator web interface for monitoring and managing video conferences, including adding/removing participants, muting, changing screen layout, and starting recording.

Recently, Cisco released a major cybersecurity advisory (CVE-2026-20098, CVSS: 8.8), which is an arbitrary file upload vulnerability. This vulnerability could allow an authenticated remote attacker to upload arbitrary files, execute arbitrary commands, and escalate privileges to root on the affected system.

Note: To exploit this vulnerability, an attacker must possess at least valid user credentials for the video operator.

[Affected Platforms]
Cisco Meeting Management versions 3.12 and earlier

[Recommended Actions]
Please update to the following version:
Cisco Meeting Management 3.12.1 MR and later

[References]
1. https://www.twcert.org.tw/tw/cp-169-10695-3f9b6-1.html