Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic
September 3, 2018
Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to ...
- Microsoft Windows zero-day vulnerability disclosed through Twitter
August 28, 2018
Microsoft has quickly reacted to the disclosure of a previously unknown zero-day vulnerability in the Windows operating system. On Monday, Twitter user SandboxEscaper revealed the existence of the bug on the microblogging platform. As reported by the Register, the user said: “Here is the alpc bug as 0day. I don’t f**king care about life anymore. Neither do I ...
- Smartphones From 11 OEMs Vulnerable to Attacks via Hidden AT Commands
August 25, 2018
Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered. AT (ATtention) commands, or the Hayes command set, is a collection of short-string commands developed in the early 1980s that were designed to be transmitted via phone lines and control modems. Different AT ...
- Legacy System Exposes Contact Info of BlackHat 2018 Attendees
August 22, 2018
Full contact information of everyone attending the BlackHat security conference this year has been exposed in clear text, a researcher has found. The data trove includes name, email, company, and phone number. The BlackHat 2018 conference badge came embedded with a near-field communication (NFC) tag that stored the contact details of the participant, for identification or for ...
- New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
August 22, 2018
Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, ...
- Retro tech leaves NHS open to cyber-attacks, say researchers
August 20, 2018
Hackers could gain access to NHS networks by exploiting vulnerabilities in fax machines, security researchers have suggested. Staff at Check Point Software discovered exploits in widely-used fax machines that enable hackers to spread malware through a malicious image file. Malware can be coded into the image file which, when decoded by the fax machine and uploaded to its ...