"CVE-2026-20184 (CVSS score: 9.8) allows an unauthenticated, remote attacker to impersonate any user within the service and gain unauthorized access to legitimate Cisco Webex services."
"CVE-2026-20147 (CVSS score: 9.9) could allow an authenticated, remote attacker to achieve remote code execution by sending crafted HTTP requests."
"Successful exploitation of vulnerabilities in ISE could allow an attacker to obtain user-level access to the underlying operating system and then elevate privileges to root."
"In single-node ISE deployments, successful exploitation could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition."
Cisco has identified four critical vulnerabilities affecting Identity Services and Webex Services, with CVSS scores ranging from 9.8 to 9.9. These flaws could enable attackers to impersonate users, execute arbitrary code, and potentially elevate privileges. Specific vulnerabilities include improper certificate validation in Webex Services and insufficient validation of user input in Identity Services Engine. Successful exploitation could lead to unauthorized access, denial of service, and user-level access to the operating system. While one vulnerability requires no action, others necessitate customer intervention to mitigate risks.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]