Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
Summary
Cisco has issued advisories for critical vulnerabilities in its Webex services, specifically affecting the SSO integration with Control Hub. Admins must install a new identity provider certificate to mitigate a flaw that could allow unauthenticated attackers to impersonate users.
IFF Assessment
The vulnerability allows for impersonation and loss of access control, posing a significant risk to users and services.
Severity
The CVSS score of 9.8 is rated critical, likely because the flaw can be exploited remotely and without authentication, and the resulting impersonation can lead to complete loss of confidentiality, integrity, and availability.
Defender Context
The advisory highlights the critical need for timely patching and configuration management, especially for cloud services with integrated identity management. Defenders should prioritize applying the necessary certificate updates to their Webex environments to prevent potential account takeovers and service disruptions.