Cisco has released updates to fix four significant security vulnerabilities affecting its Identity Services Engine (ISE) and Webex platforms. If left unaddressed, these flaws could allow attackers to execute arbitrary code or impersonate users, posing serious risks to network integrity and user data security.
Details of the Vulnerabilities
Four critical vulnerabilities have been identified, each with the potential for severe exploitation. The first, tracked as CVE-2026-20184 with a CVSS score of 9.8, stems from improper certificate validation in the single sign-on (SSO) integration within Webex Services. This flaw permits an unauthenticated attacker to impersonate users and access Cisco Webex services without authorization.
The second flaw, CVE-2026-20147, scoring 9.9, is found in the Identity Services Engine (ISE) and its Passive Identity Connector (ISE-PIC). It allows a remote attacker who holds valid administrative credentials to execute code by sending specially crafted HTTP requests.
Additionally, CVE-2026-20180 and CVE-2026-20186, both with a CVSS score of 9.9, involve insufficient validation of user-supplied input in ISE. When exploited by an attacker with read-only administrative credentials, they could lead to arbitrary command execution on the underlying operating system of the affected systems.
Potential Impact of Exploits
Cisco has warned that successful exploitation of these vulnerabilities could grant attackers user-level access to the operating system, with the potential to escalate privileges to root. In single-node ISE deployments in particular, exploitation could render the node unavailable, causing a denial of service (DoS) condition in which endpoints that have not yet authenticated are unable to gain network access.
For CVE-2026-20184, which affects the cloud-hosted Webex service, no action is required from customers. However, customers using SSO are advised to update their identity provider's SAML certificate in Control Hub. Cisco has addressed the remaining vulnerabilities through updates available in specific software releases.
Recommended Updates and User Action
To mitigate these risks, Cisco recommends that users migrate to fixed releases or apply the latest patches. Specifically, updates are required for Cisco ISE releases earlier than 3.1 to address CVE-2026-20147, and for releases earlier than 3.2 to address CVE-2026-20180 and CVE-2026-20186. Users running releases 3.1 through 3.5 should apply the appropriate patches as specified by Cisco.
Although Cisco has not observed these vulnerabilities being exploited in the wild, it stresses the importance of updating systems promptly to maintain the highest level of protection against potential threats.
By staying informed and acting proactively, users can significantly reduce their exposure and maintain robust security across their Cisco services.
