
Cisco delivers your Patch Tuesday warm-up with WebEx, IOS fixes for a few irritating security holes

posted on January 10, 2020
by l33tdawg
Credit: The Register

Cisco has released a fresh batch of security updates for its networking and comms gear lines.

The high-priority patch this month is the fix for CVE-2019-16009, a cross-site request forgery (CSRF) vulnerability in the web UI of Cisco IOS and Cisco IOS XE that can be exploited to steal credentials from users via malicious links.

"A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user," Cisco said of the bug. "If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device."

Also getting a high-risk designation was CVE-2019-16005, a command injection vulnerability in WebEx Video Mesh. In that case, an attacker would need to already have admin privileges in WebEx, but then would be able to use the app's interface to send commands to the host machine. In other words, you go from being an admin on one app to being an admin on the whole machine, and there are no workarounds, so patch this one fast.
