"Tracked as CVE-2026-20184, the critical Webex bug impacts the single sign-on (SSO) integration with Control Hub and could allow remote, unauthenticated attackers to impersonate any user, Cisco says."
"The two vulnerabilities exist because user-supplied input is insufficiently validated, allowing attackers to obtain user-level access to the underlying OS via crafted HTTP requests and then elevate their privileges to root."
"The third critical ISE flaw, CVE-2026-20147, allows remote, authenticated attackers with admin privileges to execute arbitrary commands on the underlying OS, and can be exploited in the same way as the other two issues."
Cisco announced patches for 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine (ISE). A critical Webex bug could allow remote attackers to impersonate users via SSO integration. Two critical ISE vulnerabilities could enable authenticated attackers to execute arbitrary commands on the OS. The third ISE flaw allows admin-privileged attackers to execute commands similarly. The remaining vulnerabilities include medium-severity issues leading to various attacks. Cisco is not aware of any exploitation of these vulnerabilities in the wild.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]