Cisco: Critical code injection vulnerabilities in ISE and more closed
Cisco's Identity Services Engine and Webex contain critical security vulnerabilities. In total, the developers are closing 10 security holes.
Cisco warns of security vulnerabilities in its products, some of them critical. The company published ten security advisories on Thursday night.
The most serious are vulnerabilities in Cisco's Identity Services Engine (ISE) that allow malicious code to be injected over the network. In ISE and ISE Passive Identity Connector (ISE-PIC), logged-in administrators can inject malicious code over the network or carry out path traversal attacks against vulnerable instances (CVE-2026-20147, CVSS 9.9, risk “critical”; CVE-2026-20148, CVSS 4.9, risk “medium”). Attackers who hold at least read-only admin credentials can use them to inject arbitrary commands into the operating system of ISE instances over the network and thereby smuggle in code (CVE-2026-20180, CVE-2026-20186, both CVSS 9.9, risk “critical”). Updates to close the vulnerabilities are available.
Malicious actors can also cause damage in the web conferencing software Cisco Webex. Due to insufficient certificate validation in the Single Sign-On (SSO) integration with Control Hub in Webex services, malicious actors can impersonate arbitrary users in the service over the network. Attackers can exploit this without prior login by connecting to a service endpoint and sending a manipulated token, which gives them unauthorized access to legitimate Webex services (CVE-2026-20184, CVSS 9.8, risk “critical”). As it is a cloud service, Cisco has already resolved the issue on the server side. However, customers using SSO should upload a new Identity Provider (IdP) SAML certificate to prevent service interruptions. Cisco states that there have been no reports so far of the vulnerabilities being abused in the wild.
Cisco closes further security vulnerabilities
The network equipment provider also lists further security vulnerabilities, all of which have been classified as “medium” risk:
- Cisco Secure Web Appliance Authentication Bypass Vulnerability (CVE-2026-20152)
- Cisco Webex Contact Center Cross-Site Scripting Vulnerability (CVE-2026-20170)
- Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities (CVE-2026-20059, CVE-2026-20060, CVE-2026-20061)
- Cisco Unity Connection Arbitrary File Download Vulnerabilities (CVE-2026-20078, CVE-2026-20081)
- Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability (CVE-2026-20161)
- Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities (CVE-2026-20132)
- Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability (CVE-2026-20136)
Admins should check if they are using vulnerable Cisco products and apply the available updates promptly.
Cisco published several security warnings two weeks ago. They also dealt with critical security vulnerabilities.
(dmk)