Cisco has released patches for critical vulnerabilities in Identity Services Engine (ISE) and Webex Services that could enable remote code execution, root-level access, and user impersonation. Organizations are urged to apply updates immediately because no workarounds exist and the flaws affect widely used authentication and SSO integrations. #CiscoISE #WebexServices
Keypoints
- Critical ISE flaws (including CVE-2026-20147) can allow authenticated attackers to execute arbitrary commands and gain root access.
- Two additional ISE vulnerabilities (CVE-2026-20180 and CVE-2026-20186) let attackers with limited privileges execute commands and escalate access.
- The Webex Services bug (CVE-2026-20184) in SSO certificate validation could allow unauthenticated attackers to impersonate any user.
- No workarounds exist; Cisco has released patches across supported ISE versions and Webex deployments and customers must update.
- A compromised ISE could disrupt authentication, deny service to endpoints, and give attackers broad visibility and control over networks.
Read More: https://thecyberexpress.com/cisco-ise-vulnerabilities-enable-rce/