—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Certificate Validation Vulnerability in Cisco Webex Services

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Cisco Webex Services configured with SSO integration via Control Hub

Overview

A vulnerability has been reported in the certificate validation mechanism of Cisco Webex Services which could allow an unauthenticated, remote attacker to impersonate legitimate users and gain unauthorized access to Webex services of the targeted user.

Target Audience:

All IT administrators and individuals responsible for managing Cisco Webex environments, particularly those using Single Sign-On (SSO) integration with Control Hub.

Risk Assessment:

High risk of unauthorized access and potential compromise of enterprise communication systems.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to improper certificate validation within the Single Sign-On (SSO) implementation of Cisco Webex Services. An attacker could exploit this vulnerability by supplying a forged or untrusted certificate during the authentication exchange, allowing them to bypass identity verification controls.

Successful exploitation of this vulnerability could allow an attacker to impersonate legitimate users and gain unauthorized access to Webex services of the targeted user.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL

Vendor Information

CISCO

https://www.cisco.com/

References

 

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL

CVE Name

CVE-2026-20184

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnnk+IACgkQ3jCgcSdc

ys9qaw//Zv8+5meWKqSXQqTTFMZn8kczQ55br2VcWy5F5FxHzByVPBaFR+V/DZCI

IEmBIOeEyuLBCyIUD4kp9bIN6rDlwi5qXL1fFVFuzvMzD9cbYulKYj4cmqyL2n50

4xGrppc0HQSC4GTaerA/KHLk9oKPDoldeHW5M8ArL1OQdtHfsb+P5FPHvBpQpREU

k8HP1nUfz6wWpT6jk3ShSOJHuyuz62u/CI3H/v55hImQO6mfVtoReJRQKiNYcku5

gOAp0xHVCJIXTt1G1YVU7pIEjRj7Rrv2HcEo2OJMRS/SndZvM86fm6UHZecxoAZ3

BJW0ucwlivhgA9jRiEBcOIJorP1kCj/ImfbAb3RmGxDeZqbxptoIHRYZ6m6RYAfe

Y1aBX6UmIFAeItOSkAnFNZTqxaVyrmN3V8ef/JnLqizWeCnGtHjbUPYM6p4GClST

NMOWcH39c60GBPj7+6PSRL+QaUpshkQLWl3N36qZ0+B6ieDI7Z30lfW6kLBivf6S

i1T6hxvcr3oajl/4AB8f8K+E1rndi46QwNJ8LP5iv2qO3HgdDvZPh8i5WCqDUVMV

oIniqiG0kRdHSwM0xJoxxRTDctafpSjeWW5ksmcioHntmcXGkev87Y4Qw1lVwj/N

2x3l0P3XNIaROY4yzsV44tIPG1hcm3Ku1pimQbuoS2d5/2D1HYc=

=FVLV

—–END PGP SIGNATURE—–