Home / Technology / Cisco Webex, APs Hit By Critical Flaws
Cisco Webex, APs Hit By Critical Flaws
17 Apr
Summary
- Four critical flaws patched in Cisco Webex Services affecting SSO.
- A separate IOS XE bug impacts over 230 Wi-Fi access point models.
- No exploitation was reported before Cisco released the security fixes.
Cisco has urgently addressed four critical vulnerabilities affecting its cloud-based Webex Services. These security flaws, rated highly for severity, include issues with single sign-on integration and remote code execution within Cisco Identity Services Engine. While no exploitation has been reported, successful attacks could have granted unauthorized access to Webex services. Users integrating single sign-on are advised to upload a new SAML certificate to Control Hub.
In parallel, Cisco is warning users of a bug impacting over 230 models of Wi-Fi access points. This issue stems from a Cisco IOS XE vulnerability where updated libraries cause daily log file bloat of 5MB. This persistent growth prevents the deletion of log files and consumes disk space, ultimately blocking device updates and potentially causing bootloops. Affected versions include 17.12.4 through 17.12.6a.
