"Cisco rolled out fixes for five security defects, including two high-severity bugs in TelePresence Collaboration Endpoint (CE) and RoomOS software, and Meeting Management. The first, tracked as CVE-2026-20119, can be exploited remotely without authentication or user interaction to cause a DoS condition by sending a crafted meeting invitation to a vulnerable appliance. Cisco fixed the flaw in TelePresence CE Software and RoomOS software versions 11.27.5.0 and 11.32.3.0."
"The second vulnerability, tracked as CVE-2026-20098 and resolved in Meeting Management version 3.12.1 MR, exists because the web management interface fails to properly validate user input, allowing authenticated attackers to send crafted requests. Successful exploitation of the bug allows attackers with at least the role of video operator to upload arbitrary files, including system files processed by the root account, thus leading to command execution with root privileges."
"On Wednesday, F5 published its February 2026 quarterly security notification, which describes five medium- and low-severity vulnerabilities patched in BIG-IP and NGINX. Based on the CVSS 4.0 scoring system, two of the bugs have a 'high' severity rating. First in line is CVE-2026-22548, a BIG-IP bug that could be exploited to cause a DoS condition by restarting the bd process and disrupting traffic."
Cisco and F5 released patches for multiple vulnerabilities across their products. Cisco fixed five defects, including two high-severity bugs in TelePresence Collaboration Endpoint (CE), RoomOS, and Meeting Management. CVE-2026-20119 permits remote unauthenticated exploitation to cause denial-of-service by sending a crafted meeting invitation to a vulnerable appliance; fixes apply to TelePresence CE and RoomOS versions 11.27.5.0 and 11.32.3.0. CVE-2026-20098 allows authenticated users with the video operator role to upload arbitrary files through the Meeting Management web interface, enabling root-level command execution; fixed in Meeting Management 3.12.1 MR. Cisco also patched three medium-severity defects in AsyncOS, Prime Infrastructure, and EPNM. F5 patched five medium- and low-severity flaws in BIG-IP and NGINX, including CVE-2026-22548 which can cause a DoS by restarting the bd process.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]