Overview
Please be advised that Cisco has announced the following critical-impact security vulnerability.
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Cisco has addressed this vulnerability in the Cisco Webex service. However, customer action is necessary for affected organizations that are using trust anchors with their SSO integration.
There are no workarounds that address this vulnerability.
To avoid service interruption, customers who are using trust anchors with their SSO integration should upload a new identity provider (IdP) SAML certificate to Control Hub. For more information, see Manage single sign-on integration in Control Hub.
A full description of the vulnerability is available at the following link:
Impact description
Affected Products
- Vulnerable products
This vulnerability affected Cisco Webex Services, which are cloud-based, when they were configured to use trust anchors within the SSO integration with Control Hub.
Determine Whether Trust Anchors Are in Use
Only customers who use trust anchors were affected by this vulnerability. To determine whether trust anchors are in use, log in to the Webex Control Hub and verify the SSO configuration.
- Fixed Software
To avoid service interruption, customers who are using trust anchors with their SSO integration should upload a new identity provider (IdP) SAML certificate to Control Hub. For more information, see Manage single sign-on integration in Control Hub.
Customers who need additional information are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.