Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
October 7, 2018
A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cyptojacking and network eavesdropping. The hacking technique, found by Tenable Research and outlined on ...
- Facebook security breach: Up to 50m accounts attacked
September 28, 2018
Facebook has said “almost 50 million” of its users were left exposed by a security flaw. The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people’s accounts. The breach was discovered on Tuesday, Facebook said, and it has informed police. Users that had potentially been affected ...
- New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions
September 26, 2018
Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system. The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which has been dubbed “Mutagen Astronomy,” affects the kernel versions released between ...
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
September 25, 2018
Cisco is currently looking into its product line to determine which products and services use Linux kernel 3.9 or above, which is vulnerable to the FragmentSmack denial-of-service (DoS) bug. The networking hardware manufacturer already assembled a list of more than 80 products that are affected by the vulnerability. Many of them expect a fix by February ...
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
September 24, 2018
A security researcher shows on Mojave’s release day that Apple’s latest privacy protection implementations in macOS are not sufficiently strong. In a minute-long clip, Patrick Wardle shows that the security in the dark-themed macOS can be bypassed to reach sensitive user data, such as the information in the address book. Talking to BleepingComputer, Wardle says that he ...
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
September 24, 2018
Cisco has supplied a patch for its Video Surveillance Manager software to erase hardcoded default credentials for the root account. Admins responsible for appliances running Cisco’s surveillance software should urgently patch the flaw, which has a Common Vulnerability Scoring System (CVSS) version 3 score of 9.8 out of a possible 10. The flaw would allow an attacker ...