Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- D-Link router riddled with 0-day flaws
September 12, 2017
A security researcher has shamed D‑Link by publicly disclosing 10 serious, as-yet unpatched vulnerabilities in a line of consumer-grade routers without notifying the vendor first. Security researcher Pierre Kim went public on a series of flaws in D‑Link DIR 850L wireless AC1200 dual-band gigabit cloud routers without disclosing the issue to D‑Link beforehand because of a ...
- Android Users Vulnerable to ‘High-Severity’ Overlay Attacks
September 9, 2017
Security researchers warned of a high-severity Android flaw on Thursday that stems from what they call a “toast attack” overlay vulnerability. Researchers say criminals could use the Android’s toast notification, a feature that provides simple feedback about an operation in a small pop up, in an attack scenario to obtain admin rights on targeted phones ...
- Equifax hack: Britons among 143 million people to have their details compromised
September 8, 2017
Credit agency Equifax has admitted that data from 143 million customers may have been compromised in a security breach earlier this year. US, UK and Canadian residents are among those to have their details accessed through a website application vulnerability. The attack was discovered to have run from mid-May until 29 July, but the US company has ...
- Dragonfly 2.0: Hacking Group Infiltrated European and US Power Facilities
September 7, 2017
The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector. Yes, I am talking about the ‘Dragonfly,’ a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different ...
- Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim
September 7, 2017
Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 10 as well. “The bug is a programming error ...
- Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound
September 6, 2017
What if your smartphone starts making calls, sending text messages, and browsing malicious websites on the Internet itself without even asking you? This is no imaginations, as hackers can make this possible using your smartphone’s personal assistant like Siri or Google Now. A team of security researchers from China’s Zhejiang University have discovered a clever way of ...