Alert GCSA-26066 - Critical vulnerabilities in Cisco products
******************************************************************
alert ID: GCSA-26066
date: 16 April 2026
title: Critical vulnerabilities in Cisco products
******************************************************************
:: Problem description
Cisco has published several security advisories that address
15 vulnerabilities, 4 of them rated critical, affecting the products
Webex Meetings, Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).
More information is available in the "References" section.
:: Affected devices
Cisco ISE (Identity Services Engine)
Cisco ISE-PIC (ISE Passive Identity Connector)
Cisco Webex
Cisco Secure Web Appliance
Cisco Unity Connection
Cisco ThousandEyes Enterprise Agent
For a complete description of the affected devices, please refer
to the official Security Advisories.
:: Impact
Remote execution of arbitrary code (RCE)
Cross Site Scripting (XSS)
Security feature bypass (SFB)
Denial of Service (DoS)
Spoofing (Provide Misleading Information)
:: Solutions
We recommend assessing the impact of the vulnerabilities on the devices in use
and updating as soon as possible.
Cisco Software Checker
https://sec.cloudapps.cisco.com/security/center/softwarechecker.x
can be used to determine the appropriate patches.
Before installing the software, consult the vendor's site for further details.
:: References
Cisco Security Advisories
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Cisco Identity Services Engine (ISE)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ
Cisco Unity Connection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw
Cisco Webex Contact Center
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA
Cisco Webex Services
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
Cisco Secure Web Appliance
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd
Cisco ThousandEyes Enterprise Agent
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU
Bleeping Computer
https://www.bleepingcomputer.com/news/security/cisco-says-critical-webex-services-flaw-requires-customer-action/
SecurityWeek
https://www.securityweek.com/cisco-patches-critical-vulnerabilities-in-webex-ise/
The Hacker News
https://thehackernews.com/2026/04/cisco-patches-four-critical-identity.html
Mitre CVE
CVE references are available in the vendor's advisories.
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
