Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CVE-2021-31181: Microsoft Sharepoint Webpart Interpretation Conflict Remote Code Execution Vulnerability
June 2, 2021
In May of 2021, Microsoft released a patch to correct CVE-2021-31181 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-573. This blog takes a deeper look at the root cause of this ...
- HPE Fixes Critical Zero-Day in Server Management Software
May 31, 2021
Hewlett Packard Enterprise (HPE) has fixed a critical zero-day remote code execution (RCE) flaw in its HPE Systems Insight Manager (SIM) software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers, including the HPE ProLiant Gen10 and HPE ProLiant ...
- New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers
May 29, 2021
A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility. Read more… Source: Bleeping Computer
- Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
May 27, 2021
Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. Mandiant continues to gather evidence and respond to intrusions involving compromises of Pulse ...
- Threats From a Compromised 4G/5G Campus Network
May 27, 2021
Over the past two decades, industrial sectors and everyday users have reaped the benefits of advancements in telecom technologies. At present, the catalyst and basis for future changes is 5G. A sign of this continuing development and influence for some industries is their investment in non-public networks (NPN), also commonly referred to as campus networks. The ...
- PDF Feature ‘Certified’ Widely Vulnerable to Attack
May 26, 2021
Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents’ integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of attacks. Researchers from Ruhr University Bochum explained certified PDFs use two specific ...