Article Details
Scrape Timestamp (UTC): 2025-03-04 18:47:05.090
Original Article Text
Click to Toggle View
Cisco warns of Webex for BroadWorks flaw exposing credentials. Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. Webex for BroadWorks integrates Cisco Webex's video conferencing and collaboration features with the BroadWorks unified communications platform. While the company has yet to assign a CVE ID to track this security issue, Cisco says in a Tuesday security advisory that it already pushed a configuration change to address the flaw and advised customers to restart their Cisco Webex app to get the fix. "A low-severity vulnerability in Cisco Webex for BroadWorks Release 45.2 could allow an unauthenticated, remote attacker to access data and credentials if unsecure transport is configured for the SIP communication," Cisco explained. "A related issue could allow an authenticated user to access credentials in plain text in the client and server logs. A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user." The vulnerability is caused by sensitive information exposed in the SIP headers and only affects Cisco BroadWorks (on-premises) and Cisco Webex for BroadWorks (hybrid cloud/on-premises) instances running in Windows environments. Workaround available The company advises admins to configure secure transport for SIP communication to encrypt data in transit as a temporary workaround until the configuration change reaches their environment. "Cisco also recommends rotating credentials to protect against the possibility that the credentials have been acquired by a malicious actor," the company added. It also added that its Product Security Incident Response Team (PSIRT) has no evidence of malicious use in the wild or public announcements sharing further information on this vulnerability. On Monday, CISA tagged another Cisco vulnerability (CVE-2023-20118) patched in January 2023 as actively exploited. This flaw allows attackers to execute arbitrary commands on Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. Last month, Recorded Future's Insikt Group threat research division also reported that China's Salt Typhoon hackers had breached more U.S. telecom providers via unpatched Cisco IOS XE network devices.
Daily Brief Summary
Cisco alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthenticated, remote attackers to access sensitive data and credentials.
The issue affects Webex for BroadWorks Release 45.2 in on-premises and hybrid cloud/on-premises environments, specifically those running on Windows.
Sensitive information was found exposed in SIP headers due to misconfiguration of secure transport protocols.
Cisco has implemented a configuration change to rectify the flaw and advised customers to restart their Webex apps to ensure the update is applied.
As a temporary measure, Cisco recommended that administrators configure secure transport for SIP communications to encrypt data in transit and suggested credential rotation as a precaution.
The vulnerability has not been assigned a CVE ID yet and there is no evidence of exploitation in the wild or public disclosures of the vulnerability.
In contrast, another Cisco flaw (CVE-2023-20118) in certain VPN routers was recently reported as actively exploited, emphasizing ongoing security challenges.