Source: National Cyber Security – Produced By Gregory Evans
Cisco released 14 security advisories on January 8, with two rated as having a potentially high impact and the remainder listed as medium issues.
The two rated high are CVE-2019-16005 and CVE-2019-16009.
The first is a Cisco Webex video mesh node command injection vulnerability that, if exploited, could allow an authenticated, remote attacker to execute arbitrary commands on the affected system.
The latter is a vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This is due to insufficient CSRF protections for the web UI on an affected device.
The medium-rated CVE-2020-3116 is a vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files that could allow an attacker to cause a DoS condition. This flaw can be exploited if an attacker sends a user a malicious UCF file through a link or email attachment and persuades the user to open the file with the affected software on the local system.
The company also noted a vulnerability in the web-based GUI of its IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware. If exploited, it could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based interface of an affected system.
Patches are available for all the vulnerabilities and Cisco recommends users update their systems accordingly.
The post #cybersecurity | hacker | Cisco patches multiple vulnerabilities | SC Media appeared first on National Cyber Security.