Cisco Webex Services flaw demands immediate customer action
▼ Summary
– Cisco released security updates to patch four critical vulnerabilities, including one in its Webex Services platform.
– The Webex flaw (CVE-2026-20184) allowed unprivileged attackers to impersonate any user via a single sign-on integration.
– Customers using SSO with Webex must manually upload a new SAML certificate to avoid service interruption.
– Three other critical flaws were patched in Cisco’s Identity Services Engine, requiring administrative credentials to exploit.
– Cisco also addressed ten medium-severity flaws and stated none of the vulnerabilities have been seen exploited in attacks.
Cisco has issued an urgent call to action for users of its Webex Services platform, requiring them to manually update their security certificates following the patching of a critical vulnerability. This flaw, identified as CVE-2026-20184, was discovered in the platform’s single sign-on (SSO) integration with the Control Hub management portal. Cisco has already resolved the issue on its service side, but customers utilizing SSO must take an additional step to prevent potential service disruption.
The vulnerability stemmed from an improper certificate validation process. According to a Cisco advisory, a remote attacker without any privileges could have exploited this by supplying a specially crafted token to a service endpoint. A successful attack would have granted the attacker unauthorized access to legitimate Webex services, allowing them to impersonate any user on the platform. To fully mitigate this risk, administrators must now upload a new SAML certificate from their identity provider to the Control Hub.
This Webex flaw was one of four critical vulnerabilities addressed by Cisco this week. The company also patched three severe security issues within its Identity Services Engine (ISE) platform, tracked as CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186. These ISE vulnerabilities could allow an attacker with administrative credentials to execute arbitrary commands on the underlying operating system. The latest security updates additionally include fixes for ten medium-severity flaws that could lead to authentication bypass, privilege escalation, or denial-of-service conditions.
Cisco’s Product Security Incident Response Team stated it has seen no evidence that any of these newly patched vulnerabilities have been exploited in active attacks. This proactive patching follows recent high-profile security incidents involving Cisco products. Just last month, the Cybersecurity and Infrastructure Security Agency mandated that federal agencies patch a separate maximum-severity flaw in Cisco’s Secure Firewall Management Center. That vulnerability, CVE-2026-20131, had been exploited as a zero-day in ransomware attacks since January.
(Source: BleepingComputer)
