Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader
January 3, 2019
Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company’s Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in ...
- Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak
December 13, 2018
On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) and applications like collaboration and web server-based software. The exploit toolkit includes EternalBlue, ...
- For the fourth month in a row, Microsoft patches Windows zero-day used in the wild
December 11, 2018
Today, Microsoft released its monthly security patches –known as the Patch Tuesday updates. This month the Redmond-based company fixed 38 vulnerabilities across a large set of products. For the fourth month in a row, Microsoft patched a Windows OS zero-day vulnerability that was being exploited in the wild. Just like in the last two months, and for ...
- New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs
December 6, 2018
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to ...
- UK’s NCSC Explains How They Handle Discovered Vulnerabilities
December 1, 2018
When the United Kingdom’s National Cyber Security Center (NCSC) performs operational tasks, they may find vulnerabilities in software, hardware, websites, or critical infrastructure. When they find these vulnerabilities, they go through a review process called the “Equities Process” that determines if they are going to disclose the vulnerability so that it is fixed or if ...
- Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency
November 27, 2018
A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, built to simplify working with Node.js streaming modules and it is available through the npmjs.com repository. Although the malicious code was discovered last week, researchers were able to determine ...