Alert GCSA-26066 - Vulnerabilita' critiche in prodotti Cisco

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ****************************************************************** alert ID: GCSA-26066 data: 16 aprile 2026 titolo: Vulnerabilita' critiche in prodotti Cisco ****************************************************************** :: Descrizione del problema Cisco ha pubblicato alcuni avvisi di sicurezza, con i quali vengono risolte 15 vulnerabilita', delle quali 4 di livello critico, relative ai prodotti Webex Meetings, Identity Services Engine (ISE) e ISE Passive Identity Connector (ISE-PIC). Maggiori informazioni sono disponibili alla sezione "Riferimenti". :: Apparati interessati Cisco ISE (Identity Services Engine) Cisco ISE-PIC (ISE Passive Identity Connector) Cisco Webex Cisco Secure Web Appliance Cisco Unity Connection Cisco ThousandEyes Enterprise Agent Per una descrizione completa dei dispositivi interessati, si prega di fare riferimento ai Security Advisories ufficiali. :: Impatto Esecuzione remota di codice arbitrario (RCE) Cross Site Scripting (XSS) Bypass delle funzionalita' di sicurezza (SFB) Denial of Service (DoS) Spoofing (Provide Misleading Information) :: Soluzioni Si consiglia di valutare l'impatto delle vulnerabilita' sui dispositivi in uso, e di aggiornare il prima possibile. E' possibile utilizzare Cisco Software Checker https://sec.cloudapps.cisco.com/security/center/softwarechecker.x per determinare il patching appropriato. Prima dell'installazione del software consultare il sito del fornitore per maggiori dettagli. :: Riferimenti Cisco Security Advisories https://sec.cloudapps.cisco.com/security/center/publicationListing.x Cisco Identity Services Engine (ISE) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ Cisco Unity Connection https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw Cisco Webex Contact Center https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA Cisco Webex Services https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL Cisco Secure Web Appliance https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd Cisco ThousandEyes Enterprise Agent https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU Bleeping Computer https://www.bleepingcomputer.com/news/security/cisco-says-critical-webex-services-flaw-requires-customer-action/ SecurityWeek https://www.securityweek.com/cisco-patches-critical-vulnerabilities-in-webex-ise/ The Hacker News https://thehackernews.com/2026/04/cisco-patches-four-critical-identity.html Mitre CVE I riferimenti CVE sono disponibili negli advisory del produttore. GARR CERT Security Alert - subscribe/unsubscribe: https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert -----BEGIN PGP SIGNATURE----- iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCaeEOiAAKCRDBnEyTZRJg QqqpAKDGw98bFTT5shGsY5n2eGGvDlqZuwCgquzrpfwMBZOFdUhchddLrF8VP8w= =VvB0 -----END PGP SIGNATURE-----