Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism
October 17, 2024
Unit 42 researchers have found that certain third-party utilities and applications pertaining to archiving, virtualization and Apple’s native command-line tools do not enforce the quarantine attribute. This can pose a threat to the integrity of a security feature on macOS known as Gatekeeper, which is responsible for ensuring that only trusted software runs on the system. ...
- Cyber Security Association of China calls for cybersecurity review of Intel products sold in China
October 16, 2024
The Cyber Security Association of China on Wednesday called for the launch of a systematic review of potential cybersecurity risks in Intel products due to frequent vulnerabilities and high failure rates, in order to effectively safeguard China’s national security and the legitimate rights and interests of Chinese consumers. The association cited four reasons for the review: ...
- Tor Browser and Firefox users should update to fix actively exploited vulnerability
October 16, 2024
Mozilla has announced a security fix for its Firefox browser which also impacts the closely related Tor Browser. The new version fixes one critical security vulnerability which is reportedly under active exploitation. To address the flaw, both Mozilla and Tor recommend that users update their browsers to the most current versions available. Firefox users that have ...
- How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
October 15, 2024
Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were exploited as zero-days (vulnerabilities exploited before patches are made available, excluding end-of-life technologies). Forty-one vulnerabilities were exploited as n-days (vulnerabilities first exploited after patches are available). While ...
- Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
October 15, 2024
In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document. However, the email ...
- Critical Veeam Backup & Replication Vulnerability Under Active Exploitation
October 11, 2024
Security researchers have reported CVE-2024-40711 is under active exploitation by ransomware groups. These groups are reportedly exploiting CVE-2024-40711 as a second stage exploit to create new local Administrator accounts to facilitate further objectives on compromised networks. Reports warn of exploitation attempts since shortly after official disclosure by Veeam. Enterprise backup and disaster recovery applications are valuable ...