Cisco released security updates addressing four critical vulnerabilities, including a Webex SSO certificate-validation flaw (CVE-2026-20184) that could let unauthenticated attackers impersonate users. Customers using SSO must upload a new SAML certificate to Control Hub, and Cisco also patched critical ISE flaws while noting no evidence of active exploitation.
Keypoints
- Cisco patched four critical vulnerabilities, including an improper certificate validation bug in Webex SSO (CVE-2026-20184).
- The Webex flaw allowed unauthenticated attackers to impersonate any user by presenting a crafted token to a service endpoint.
- Customers using SSO must upload a new SAML certificate to Control Hub to avoid service disruption.
- Three critical Identity Services Engine flaws (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) could enable arbitrary OS command execution if attackers have administrative credentials.
- Ten additional medium-severity issues were fixed, PSIRT reported no evidence of exploitation, and CISA recently ordered a patch for an FMC zero-day exploited by Interlock ransomware (CVE-2026-20131).