TechRadar
Sead Fadilpašić

Cisco tells Webex users to patch critical security flaws immediately, as experts find its Wi-Fi boxes may be filling their disks with undeletable data every day

  • Cisco patches four critical flaws in Webex Services, including SSO and Identity Services Engine RCE bugs
  • No exploitation reported before fixes; users must update SAML certificates in Control Hub
  • Separate IOS XE bug causes Wi‑Fi access points to bloat logs and fail updates, affecting 230+ models

Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform - and has also warned Wi-Fi access point users of a bug in certain versions of IOS XE that could result in a device bootloop.

Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place.

It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10, a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10, a remote code execution bug in Cisco ISE and Cisco ISE-PIC), and CVE-2026-20180 and CVE-2026-20186 (9.9/10, arbitrary code execution flaws in Cisco Identity Services Engine).

Patch now

Apparently, no threat actors found these flaws before they were patched: "Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token," Cisco said in its security advisory.

"A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services."

While Cisco patched the flaws, it also stressed that those using SSO integration should upload a new SAML certificate for their identity provider (IdP) to Control Hub.

Bloating access points

At the same time, the company warned its access point users of a bug that could render their devices useless. In a separate advisory, Cisco said that “certain Cisco Access Points (APs) may fail to download new software images or Access Point Service Packs”, because an updated library in Cisco IOS XE generates a log file that grows by 5MB every day.

The file, which cannot be deleted from the command line interface, will keep growing until there is no more room on the disk, essentially preventing any further updates from being installed on the device.

Versions 17.12.4, 17.12.5, 17.12.6, and 17.12.6a are affected, it was said. In total, more than 230 different models are at risk, Cisco said.

“The longer an AP runs the affected software, the higher the probability that a software download will fail due to insufficient disk space,” the advisory reads.

Users should, therefore, move to a version that doesn’t bloat the device, but it’s not a straightforward process. Cisco published a detailed guide, so if you’re using the company’s APs, make sure to read it.

Via The Register
