Alert GCSA-26076 - Vulnerabilita' in prodotti Cisco
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-26076
data: 07 maggio 2026
titolo: Vulnerabilita' in prodotti Cisco
******************************************************************
:: Descrizione del problema
Cisco ha pubblicato alcuni avvisi di sicurezza, con i quali
vengono risolte 13 vulnerabilita', delle quali 5 di livello alto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Apparati e software interessati
Cisco Unity Connection
Cisco Enterprise Chat and Email (ECE)
Cisco Identity Services Engine (ISE)
Cisco Prime Infrastructure
Cisco Slido
Cisco IoT Field Network Director (FND)
Cisco Crosswork Network Controller (CNC)
Cisco Network Services Orchestrator (NSO)
Cisco SG350 e SG350X Series Managed Switches
Per una descrizione completa dei dispositivi interessati, si prega di
far riferimento ai Security Advisories ufficiali.
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Bypass delle funzionalita' di sicurezza (SFB)
Denial of Service (DoS)
Accesso a dati riservati (ID)
Server-side Request Forgery (SSRF)
Cross-site Scripting (XSS)
:: Soluzioni
Si consiglia di valutare l'impatto delle vulnerabilita' sui dispositivi in uso,
e di aggiornare il prima possibile.
E' possibile utilizzare Cisco Software Checker
https://sec.cloudapps.cisco.com/security/center/softwarechecker.x
per determinare il patching appropriato.
Prima dell'installazione del software consultare il sito del fornitore per maggiori dettagli.
:: Riferimenti
Cisco Security Advisories
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Cisco Unity Connection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy
Cisco Enterprise Chat and Email (ECE)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb
Cisco Identity Services Engine (ISE)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG
Cisco Prime Infrastructure
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey
Cisco Slido
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN
Cisco IoT Field Network Director (FND)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u
Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc
Cisco SG350 and SG350X Series Managed Switches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj
Bleeping Computer
https://www.bleepingcomputer.com/news/security/new-cisco-dos-flaw-requires-manual-reboot-to-revive-devices/
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2026-20034
https://www.cve.org/CVERecord?id=CVE-2026-20035
https://www.cve.org/CVERecord?id=CVE-2026-20172
https://www.cve.org/CVERecord?id=CVE-2026-20193
https://www.cve.org/CVERecord?id=CVE-2026-20195
https://www.cve.org/CVERecord?id=CVE-2026-20189
https://www.cve.org/CVERecord?id=CVE-2026-20219
https://www.cve.org/CVERecord?id=CVE-2026-20167
https://www.cve.org/CVERecord?id=CVE-2026-20168
https://www.cve.org/CVERecord?id=CVE-2026-20169
https://www.cve.org/CVERecord?id=CVE-2026-20188
https://www.cve.org/CVERecord?id=CVE-2026-20185
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCafxuXQAKCRDBnEyTZRJg
QrJ5AJ9oibg4xQ6AgF8mruPoaeKsOetiygCdEpmdzGZBIfHujzixWhPY3vZ4ReU=
=SZJp
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-26076
data: 07 maggio 2026
titolo: Vulnerabilita' in prodotti Cisco
******************************************************************
:: Descrizione del problema
Cisco ha pubblicato alcuni avvisi di sicurezza, con i quali
vengono risolte 13 vulnerabilita', delle quali 5 di livello alto.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Apparati e software interessati
Cisco Unity Connection
Cisco Enterprise Chat and Email (ECE)
Cisco Identity Services Engine (ISE)
Cisco Prime Infrastructure
Cisco Slido
Cisco IoT Field Network Director (FND)
Cisco Crosswork Network Controller (CNC)
Cisco Network Services Orchestrator (NSO)
Cisco SG350 e SG350X Series Managed Switches
Per una descrizione completa dei dispositivi interessati, si prega di
far riferimento ai Security Advisories ufficiali.
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Bypass delle funzionalita' di sicurezza (SFB)
Denial of Service (DoS)
Accesso a dati riservati (ID)
Server-side Request Forgery (SSRF)
Cross-site Scripting (XSS)
:: Soluzioni
Si consiglia di valutare l'impatto delle vulnerabilita' sui dispositivi in uso,
e di aggiornare il prima possibile.
E' possibile utilizzare Cisco Software Checker
https://sec.cloudapps.cisco.com/security/center/softwarechecker.x
per determinare il patching appropriato.
Prima dell'installazione del software consultare il sito del fornitore per maggiori dettagli.
:: Riferimenti
Cisco Security Advisories
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Cisco Unity Connection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy
Cisco Enterprise Chat and Email (ECE)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb
Cisco Identity Services Engine (ISE)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG
Cisco Prime Infrastructure
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey
Cisco Slido
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN
Cisco IoT Field Network Director (FND)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u
Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc
Cisco SG350 and SG350X Series Managed Switches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj
Bleeping Computer
https://www.bleepingcomputer.com/news/security/new-cisco-dos-flaw-requires-manual-reboot-to-revive-devices/
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2026-20034
https://www.cve.org/CVERecord?id=CVE-2026-20035
https://www.cve.org/CVERecord?id=CVE-2026-20172
https://www.cve.org/CVERecord?id=CVE-2026-20193
https://www.cve.org/CVERecord?id=CVE-2026-20195
https://www.cve.org/CVERecord?id=CVE-2026-20189
https://www.cve.org/CVERecord?id=CVE-2026-20219
https://www.cve.org/CVERecord?id=CVE-2026-20167
https://www.cve.org/CVERecord?id=CVE-2026-20168
https://www.cve.org/CVERecord?id=CVE-2026-20169
https://www.cve.org/CVERecord?id=CVE-2026-20188
https://www.cve.org/CVERecord?id=CVE-2026-20185
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCafxuXQAKCRDBnEyTZRJg
QrJ5AJ9oibg4xQ6AgF8mruPoaeKsOetiygCdEpmdzGZBIfHujzixWhPY3vZ4ReU=
=SZJp
-----END PGP SIGNATURE-----