Cisco has released security updates for Webex, IOS, and other products. Two of the vulnerabilities are rated High severity and should be prioritized.
One of the High severity vulnerabilities, CVE-2019-16005, affects the web-based management interface of Cisco Webex Video Mesh. An authenticated, remote attacker could exploit it to execute arbitrary commands on the affected system.
“A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node,” Cisco warned.
The other High severity vulnerability, CVE-2019-16009, affects the web UI of Cisco IOS and Cisco IOS XE Software. An unauthenticated, remote attacker could exploit it to launch a cross-site request forgery (CSRF) attack on an affected system.
In addition, Cisco patched twelve (12) other Medium severity vulnerabilities across multiple products, including Webex Centers, Cisco Mobility Management, Identity Services Engine, multiple IP Phone models, and others.
Cisco released the advisories on January 8. Patches should be applied to affected devices as soon as possible.
Administrators can also check out a previous Cisco advisory from January 2 for three critical vulnerabilities in Data Center Network Manager software.