Cisco has issued urgent security patches for four critical vulnerabilities affecting its Identity Services Engine (ISE) and Webex Services. These flaws could allow attackers to execute arbitrary code and impersonate users, posing a significant risk to organizations relying on these platforms for communication and network access.

Key Takeaways

• Four critical vulnerabilities have been patched in Cisco's Webex Services and Identity Services Engine (ISE).

• One Webex vulnerability (CVE-2026-20184) allows unauthenticated user impersonation.

• Three ISE vulnerabilities (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) enable remote code execution, even with read-only admin credentials.

• While Cisco is unaware of active exploitation, immediate patching and configuration updates are recommended.

Webex Services Vulnerability

A critical vulnerability, CVE-2026-20184 (CVSS score 9.8), has been identified in the single sign-on (SSO) integration within Cisco's Webex Services and Control Hub. This flaw stems from improper certificate validation, potentially allowing unauthenticated remote attackers to impersonate any user and gain unauthorized access to legitimate Webex services. Although Cisco has addressed this in its cloud-based services, customers utilizing SSO are advised to upload a new identity provider (IdP) SAML certificate to Control Hub to prevent service interruptions.

Identity Services Engine (ISE) Vulnerabilities

Three critical vulnerabilities have been patched in Cisco ISE. CVE-2026-20147 (CVSS score 9.9) involves insufficient validation of user-supplied input, allowing authenticated remote attackers with administrative credentials to achieve arbitrary code execution. Additionally, CVE-2026-20180 and CVE-2026-20186 (both CVSS score 9.9) also stem from insufficient input validation, enabling authenticated remote attackers with read-only administrative credentials to execute arbitrary commands on the underlying operating system. Successful exploitation of these ISE vulnerabilities could lead to user-level access, privilege escalation to root, and in single-node deployments, potential denial-of-service conditions that could prevent endpoints from accessing the network.

Patching and Mitigation

Cisco has provided specific release versions for patching the ISE vulnerabilities:

• CVE-2026-20147: Requires migration to fixed releases for versions earlier than 3.1, or patching to specific versions for releases 3.1, 3.2, 3.3, 3.4, and 3.5.

• CVE-2026-20180 and CVE-2026-20186: Requires migration to fixed releases for versions earlier than 3.2, or patching to specific versions for releases 3.2, 3.3, and 3.4. Release 3.5 is noted as not vulnerable.

While Cisco is not aware of these vulnerabilities being exploited in the wild, the high severity and potential impact necessitate prompt action from all users to update their systems and configurations to the latest secure versions.

By staying vigilant and adopting safe browsing practices, users can significantly reduce their exposure to these evolving threats. As cyber threats continue to evolve, your security strategy needs to evolve with them. BetterWorld Technology delivers adaptive cybersecurity solutions designed to keep your business secure while supporting innovation. Connect with us today to schedule a personalized consultation.

Sources

• Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution, The Hacker News.

• Cisco Patches Critical Vulnerabilities in Webex, ISE, SecurityWeek.

• Cisco says critical Webex Services flaw requires customer action, BleepingComputer.

• Cisco Webex Flaw Raises Alarm Over User Impersonation Risk, SQ Magazine.

• Fixes 4 critical vulnerabilities in Identity Services and Webex, SecNews.gr.