Cisco
released 14
security advisories
on January 8 with two being rated as having a
potentially high impact and the remainder listed as medium issues.

The two rated
high are CVE-2019-16005 and CVE-2019-16009.

The first is
a Cisco Webex video mesh node comm and injection vulnerability that if exploited
could allow an authenticated, remote attacker to execute arbitrary commands on
the affected system.

The latter
is a vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could
allow an unauthenticated, remote attacker to conduct a cross-site request
forgery (CSRF) attack on an affected system. This is due to insufficient CSRF
protections for the web UI on an affected device.

The medium-rated
CVE-2020-3116 is vulnerability in the way Cisco Webex applications process
Universal Communications Format (UCF) files that could allow an attacker to
cause a DoS condition. This flaw can be exploited if an attacker sends a user a
malicious UCF file through a link or email attachment and persuades the user to
open the file with the affected software on the local system.

The company
also noted a vulnerability in the web-based GUI of its IP Phone 6800, 7800, and
8800 Series with Multiplatform Firmware. If exploited it could allow an
authenticated, remote attacker to conduct a XSS attack against a user of the
web-based interface of an affected system.

Patches are
available for all the vulnerabilities and Cisco recommends users update their
systems accordingly.