Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Two Santa Cruz students uncover security bug that could let millions do their laundry for free
May 17, 2024
A pair of university students say they found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world. Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw. Read more… Source: ...
- Payload Trends in Malicious OneNote Samples
May 16, 2024
In this post, Unt 42 researchers look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote ...
- Update Chrome now! Google releases emergency security patch
May 14, 2024
Google has released an emergency security update for its Chrome browser. The update includes a patch released four days earlier for a vulnerability which Google say is already being exploited. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close the browser ...
- Foxit PDF “Flawed Design” Exploitation
May 14, 2024
In the realm of PDF viewers, Adobe Acrobat Reader reigns supreme as the industry’s dominant player. However, while Adobe Acrobat Reader holds the biggest market share, notable contenders are vying for attention, with Foxit PDF Reader being a prominent alternative. With more than 700 million users located in more than 200 countries and significant customers in ...
- QakBot attacks with Windows zero-day (CVE-2024-30051)
May 14, 2024
In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, they found a curious document uploaded to VirusTotal on ...
- Exploits and vulnerabilities in Q1 2024
May 7, 2024
Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component of evolving cyberthreat landscape. In this report, Kaspersky researchers present a series of insightful statistical and analytical snapshots relating to the trends in the emergence of new vulnerabilities and exploits, as well as the most prevalent vulnerabilities being used by ...