Security News > 2020 > January > Ding-dong: Cisco delivers your Patch Tuesday warm-up with WebEx, IOS fixes for a few irritating security holes
Cisco has released a fresh batch of security updates for its networking and comms gear lines.
The high-priority patch this month is the fix for CVE-2019-16009, a cross-site request forgery, in the web UI of Cisco IOS and Cisco IOS XE that can be exploited to steal credentials from users via malicious links.
"A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user," Cisco said of the bug.
CVE-2019-15255 describes a security bypass flaw in the Cisco Identity Services Engine.
Admins would be well-advised to test and install all applicable Cisco patches before next Tuesday, when Microsoft, Adobe, and SAP are all set to drop their scheduled January security updates.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/10/cisco_january_patches/
Related news
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Cisco creates architecture to improve security and sell you new switches (source)
- Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes (source)
- May 2024 Patch Tuesday forecast: A reminder of recent threats and impact (source)
- Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast (source)
- Apple backports iOS zero-day patch, adds Bluetooth tracker alert (source)
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
- Cisco’s Splunk Acquisition Should Help Security Pros See Threats Sooner in Australia and New Zealand (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-26 | CVE-2019-15255 | Missing Authorization vulnerability in Cisco Identity Services Engine 2.2/2.2(0.470) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. | 4.0 |