InfoSecBulletin Cybersecurity for mankind
Cisco has updated to fix four security issues affecting Identity Services and Webex Services. These flaws could let someone run harmful code and pretend to be any user in the service.
The details of the vulnerabilities are below:
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CVE-2026-20184 (CVSS score: 9.8): An improper check of certificates in the single sign-on (SSO) system with Control Hub in Webex Services may let a remote attacker who is not signed in pretend to be any user and get unauthorized access to genuine Cisco Webex services.
CVE-2026-20147 (CVSS score: 9.9): An issue with checking user input in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) could let a remote attacker with valid admin credentials run harmful code by sending specially made HTTP requests.
CVE-2026-20180 and CVE-2026-20186 (CVSS scores: 9.9): Multiple insufficient validation of user-supplied input vulnerabilities in ISE could allow an authenticated, remote attacker in possession of read only admin credentials to execute arbitrary commands on the underlying operating system of an affected device by sending crafted HTTP requests.
“A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco said in an advisory for CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186.
“In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.”
CVE-2026-20184 does not need any action from customers because it’s cloud-based. But, customers using SSO should upload a new IdP SAML certificate to Control Hub. The other problems have been fixed in these versions –
CVE-2026-20147
Cisco ISE or ISE-PIC Release earlier than 3.1 (Migrate to a fixed release)
Cisco ISE Release 3.1 (3.1 Patch 11)
Cisco ISE Release 3.2 (3.2 Patch 10)
Cisco ISE Release 3.3 (3.3 Patch 11)
Cisco ISE Release 3.4 (3.4 Patch 6)
Cisco ISE Release 3.5 (3.5 Patch 3)
CVE-2026-20180 and CVE-2026-20186
Cisco ISE Release earlier than 3.2 (Migrate to a fixed release)
Cisco ISE Release 3.2 (3.2 Patch 8)
Cisco ISE Release 3.3 (3.3 Patch 8)
Cisco ISE Release 3.4 (3.4 Patch 4)
Cisco ISE Release 3.5 (Not Vulnerable)
Cisco said it has not seen any of these issues being used to attack systems, but users should update to the latest version for better security.
