Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
April 11, 2023
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer startup, prior to the operating system loading, and therefore can interfere with or ...
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
April 10, 2023
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28206 Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds Five Known Exploited Vulnerabilities to Catalog Related story: CISA Releases Seven Industrial Control Systems Advisories
- Apple fixes recently disclosed zero-days on older iPhones and iPads
April 10, 2023
Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. “Apple is aware of a report that this issue may have been actively exploited,” the company said in security advisories published on Monday. Read more… Source: Bleeping Computer
- Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug
April 7, 2023
The chunk of internal source code Twitter released the other week contains a “shadow ban” vulnerability serious enough to earn its own CVE, as it can be exploited to bury someone’s account of sight “without recourse.” The issue was discovered by Federico Andres Lois while reviewing the tweet recommendation engine that’s said to power Twitter’s For ...
- Apple fixes two zero-days exploited to hack iPhones and Macs
April 7, 2023
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. “Apple is aware of a report that this issue may have been actively exploited,” the company said when describing the issues in security advisories published on Friday. Read more… Source: Bleeping Computer
- CISA Adds One Known Exploited Vulnerability to Catalog
April 3, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. CVE-2022-27926 Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency