Alert GCSA-26076 - Vulnerabilita' in prodotti Cisco

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ****************************************************************** alert ID: GCSA-26076 data: 07 maggio 2026 titolo: Vulnerabilita' in prodotti Cisco ****************************************************************** :: Descrizione del problema Cisco ha pubblicato alcuni avvisi di sicurezza, con i quali vengono risolte 13 vulnerabilita', delle quali 5 di livello alto. Maggiori informazioni sono disponibili alla sezione "Riferimenti". :: Apparati e software interessati Cisco Unity Connection Cisco Enterprise Chat and Email (ECE) Cisco Identity Services Engine (ISE) Cisco Prime Infrastructure Cisco Slido Cisco IoT Field Network Director (FND) Cisco Crosswork Network Controller (CNC) Cisco Network Services Orchestrator (NSO) Cisco SG350 e SG350X Series Managed Switches Per una descrizione completa dei dispositivi interessati, si prega di far riferimento ai Security Advisories ufficiali. :: Impatto Esecuzione remota di codice arbitrario (RCE) Bypass delle funzionalita' di sicurezza (SFB) Denial of Service (DoS) Accesso a dati riservati (ID) Server-side Request Forgery (SSRF) Cross-site Scripting (XSS) :: Soluzioni Si consiglia di valutare l'impatto delle vulnerabilita' sui dispositivi in uso, e di aggiornare il prima possibile. E' possibile utilizzare Cisco Software Checker https://sec.cloudapps.cisco.com/security/center/softwarechecker.x per determinare il patching appropriato. Prima dell'installazione del software consultare il sito del fornitore per maggiori dettagli. :: Riferimenti Cisco Security Advisories https://sec.cloudapps.cisco.com/security/center/publicationListing.x Cisco Unity Connection https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy Cisco Enterprise Chat and Email (ECE) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb Cisco Identity Services Engine (ISE) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG Cisco Prime Infrastructure https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey Cisco Slido https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN Cisco IoT Field Network Director (FND) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc Cisco SG350 and SG350X Series Managed Switches https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj Bleeping Computer https://www.bleepingcomputer.com/news/security/new-cisco-dos-flaw-requires-manual-reboot-to-revive-devices/ Mitre CVE https://www.cve.org/CVERecord?id=CVE-2026-20034 https://www.cve.org/CVERecord?id=CVE-2026-20035 https://www.cve.org/CVERecord?id=CVE-2026-20172 https://www.cve.org/CVERecord?id=CVE-2026-20193 https://www.cve.org/CVERecord?id=CVE-2026-20195 https://www.cve.org/CVERecord?id=CVE-2026-20189 https://www.cve.org/CVERecord?id=CVE-2026-20219 https://www.cve.org/CVERecord?id=CVE-2026-20167 https://www.cve.org/CVERecord?id=CVE-2026-20168 https://www.cve.org/CVERecord?id=CVE-2026-20169 https://www.cve.org/CVERecord?id=CVE-2026-20188 https://www.cve.org/CVERecord?id=CVE-2026-20185 GARR CERT Security Alert - subscribe/unsubscribe: https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert -----BEGIN PGP SIGNATURE----- iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCafxuXQAKCRDBnEyTZRJg QrJ5AJ9oibg4xQ6AgF8mruPoaeKsOetiygCdEpmdzGZBIfHujzixWhPY3vZ4ReU= =SZJp -----END PGP SIGNATURE-----