Ding-dong: Cisco delivers your Patch Tuesday warm-up with WebEx, IOS fixes for a few irritating security holes

Cisco has released a fresh batch of security updates for its networking and comms gear lines.
The high-priority patch this month is the fix for CVE-2019-16009, a cross-site request forgery (CSRF) flaw in the web UI of Cisco IOS and Cisco IOS XE that can be exploited to steal credentials from users via malicious links.
"A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user," Cisco said of the bug.
CVE-2019-15255 describes a security bypass flaw in the Cisco Identity Services Engine.
Admins would be well-advised to test and install all applicable Cisco patches before next Tuesday, when Microsoft, Adobe, and SAP are all set to drop their scheduled January security updates.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/10/cisco_january_patches/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-09-23 | CVE-2019-16009 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS | A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
2020-01-26 | CVE-2019-15255 | Unspecified vulnerability in Cisco Identity Services Engine 2.2/2.2(0.470) | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. | 6.5 |