Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

The Hacker News by The Hacker News
April 16, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananApr 16, 2026Vulnerability / Network Security

Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.

The details of the vulnerabilities are below –

  • CVE-2026-20184 (CVSS score: 9.8) – An improper certificate validation in the integration of single sign-on (SSO) with Control Hub in Webex Services that could allow an unauthenticated, remote attacker to impersonate any user within the service and gain unauthorized access to legitimate Cisco Webex services.
  • CVE-2026-20147 (CVSS score: 9.9) – An insufficient validation of user-supplied input vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an authenticated, remote attacker in possession of valid administrative credentials to achieve remote code execution by sending crafted HTTP requests.
  • CVE-2026-20180 and CVE-2026-20186 (CVSS scores: 9.9) – Multiple insufficient validation of user-supplied input vulnerabilities in ISE could allow an authenticated, remote attacker in possession of read only admin credentials to execute arbitrary commands on the underlying operating system of an affected device by sending crafted HTTP requests.

“A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco said in an advisory for CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186.

“In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.”

CVE-2026-20184 requires no customer action as it’s cloud-based. However, customers who are using SSO are advised to upload a new identity provider (IdP) SAML certificate to Control Hub. The remaining vulnerabilities have been addressed in the following versions –

  • CVE-2026-20147
    • Cisco ISE or ISE-PIC Release earlier than 3.1 (Migrate to a fixed release)
    • Cisco ISE Release 3.1 (3.1 Patch 11)
    • Cisco ISE Release 3.2 (3.2 Patch 10)
    • Cisco ISE Release 3.3 (3.3 Patch 11)
    • Cisco ISE Release 3.4 (3.4 Patch 6)
    • Cisco ISE Release 3.5 (3.5 Patch 3)
  • CVE-2026-20180 and CVE-2026-20186
    • Cisco ISE Release earlier than 3.2 (Migrate to a fixed release)
    • Cisco ISE Release 3.2 (3.2 Patch 8)
    • Cisco ISE Release 3.3 (3.3 Patch 8)
    • Cisco ISE Release 3.4 (3.4 Patch 4)
    • Cisco ISE Release 3.5 (Not Vulnerable)

While Cisco noted that it is not aware of any of these shortcomings being exploited in the wild, it’s essential that users update their instances to the latest version for optimal protection.



Source link

The Hacker News

The Hacker News

Next Post
Interview: Bernard Seiser, vice-president of digital, data and IT, AOP Health | Computer Weekly

Interview: Bernard Seiser, vice-president of digital, data and IT, AOP Health | Computer Weekly

Recommended.

BetMGM Unveils Fastest, Most Intuitive and Rewarding App Ahead of Football Season

BetMGM Unveils Fastest, Most Intuitive and Rewarding App Ahead of Football Season

August 20, 2025
UK cyber action plan lays out path to resilience | Computer Weekly

UK cyber action plan lays out path to resilience | Computer Weekly

September 19, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026
AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

January 30, 2026
Elon Musk Is Rolling xAI Into SpaceX—Creating the World’s Most Valuable Private Company

Elon Musk Is Rolling xAI Into SpaceX—Creating the World’s Most Valuable Private Company

February 3, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio