Ken Daniels shares why mentorship may be the most powerful investment we can make in each other’s (and our own) careers.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Authenticated%20Privilege%20Escalation%20Vulnerability%26vs_k=1
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.
This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB
Security Impact Rating: Medium
CVE: CVE-2026-20136
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Authenticated%20Privilege%20Escalation%20Vulnerability%26vs_k=1
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.
This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB
Security Impact Rating: Medium
CVE: CVE-2026-20136
Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Remote%20Code%20Execution%20and%20Path%20Traversal%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affected device. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
For more information about these vulnerabilities, see the Details (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Remote%20Code%20Execution%20and%20Path%20Traversal%20Vulnerabilities%26vs_k=1#details) section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ
Security Impact Rating: Critical
CVE: CVE-2026-20147,CVE-2026-20148
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Remote%20Code%20Execution%20and%20Path%20Traversal%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affected device. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
For more information about these vulnerabilities, see the Details (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Remote%20Code%20Execution%20and%20Path%20Traversal%20Vulnerabilities%26vs_k=1#details) section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ
Security Impact Rating: Critical
CVE: CVE-2026-20147,CVE-2026-20148
Cisco Webex Services Certificate Validation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Webex%20Services%20Certificate%20Validation%20Vulnerability%26vs_k=1
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Cisco has addressed this vulnerability in the Cisco Webex service. However, customer action is necessary for affected organizations that are using SSO integration. There are no workarounds that address this vulnerability.
To avoid service interruption, customers who are using SSO should upload a new identity provider (IdP) SAML certificate to Control Hub. For more information, see Manage single sign-on integration in Control Hub (https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#task_394598AFBCD3D73A488E6DBB99AD3214).
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
Security Impact Rating: Critical
CVE: CVE-2026-20184
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Webex%20Services%20Certificate%20Validation%20Vulnerability%26vs_k=1
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Cisco has addressed this vulnerability in the Cisco Webex service. However, customer action is necessary for affected organizations that are using SSO integration. There are no workarounds that address this vulnerability.
To avoid service interruption, customers who are using SSO should upload a new identity provider (IdP) SAML certificate to Control Hub. For more information, see Manage single sign-on integration in Control Hub (https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#task_394598AFBCD3D73A488E6DBB99AD3214).
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
Security Impact Rating: Critical
CVE: CVE-2026-20184
❤1
Cisco Identity Services Engine Remote Code Execution Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Remote%20Code%20Execution%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the attacker must have at least Read Only Admin credentials.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node Cisco ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
Security Impact Rating: Critical
CVE: CVE-2026-20180,CVE-2026-20186
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Remote%20Code%20Execution%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the attacker must have at least Read Only Admin credentials.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node Cisco ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
Security Impact Rating: Critical
CVE: CVE-2026-20180,CVE-2026-20186
❤1
Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Multiple%20Cross-Site%20Scripting%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.
These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U
Security Impact Rating: Medium
CVE: CVE-2026-20132
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Multiple%20Cross-Site%20Scripting%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.
These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U
Security Impact Rating: Medium
CVE: CVE-2026-20132
👍1
Cisco just made moves to own the AI infrastructure stack
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/cisco-just-made-moves-to-own-the-ai-infrastructure-stack.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/cisco-just-made-moves-to-own-the-ai-infrastructure-stack.html?source=rss
By bulking up AI observability with Galileo and identity with Astrix, Cisco is repositioning its secure network as the control plane for the agentic era.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
Churchill Downs Designates Cisco as Official Enterprise Networking and Network Infrastructure Partner of the Kentucky Derby
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/churchill-downs-designates-cisco-as-official-enterprise-networking-and-network-infrastructure-partner-of-the-kentucky-derby.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/churchill-downs-designates-cisco-as-official-enterprise-networking-and-network-infrastructure-partner-of-the-kentucky-derby.html?source=rss
Cisco and Churchill Downs Incorporated today announced a multi-year partnership to significantly enhance the networking capabilities at the historic Churchill Downs Racetrack.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
❤1
One day with our customers: driving better outcomes through customer centricity
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/one-day-with-our-customers-driving-better-outcomes-through-customer-centricity.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/one-day-with-our-customers-driving-better-outcomes-through-customer-centricity.html?source=rss
Cisco’s "One Day at Your Customer" initiative brings teams into client sites to listen and learn, ensuring we better support their business and drive success.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
👍2
From automation to autonomy: Cisco and Rockwell power a new era for manufacturing
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/from-automation-to-autonomy-cisco-and-rockwell-power-a-new-era-for-manufacturing.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/from-automation-to-autonomy-cisco-and-rockwell-power-a-new-era-for-manufacturing.html?source=rss
❤1
Learn how Cisco's partnership with Rockwell is driving industrial autonomy, a key to enabling scalable infrastructure across all environments.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
❤1
Next-level farming: vertical, efficient, and AI powered
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/next-level-farming-vertical-efficient-and-ai-powered.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/next-level-farming-vertical-efficient-and-ai-powered.html?source=rss
❤1
Planet Farms’ Massimo Mistretta on how Cisco supports agriculture that addresses a changing climate, food access, soil depletion, and more.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
❤2