- Cisco warn of new vulnerability in Webex for BroadWorks
- The flaw allowed threat actors to steal sensitive files remotely
- A fix was already deployed, and users should update immediately
Cisco has warned Webex for BroadWorks users of a vulnerability that could allow threat actors to access sensitive data remotely.
Cisco Webex for BroadWorks is a cloud collaboration solution that integrates the video conferencing tool with BroadWorks-based service provider networks, offering messaging, calling, and meeting capabilities for businesses.
In a security advisory published on Cisco’s website, the company said that it uncovered a low-severity vulnerability in the app’s Release 45.2, which allowed malicious actors access to sensitive data if unsecure transport is configured for the SIP communication.
Exploiting the flaw
“This vulnerability is due to the exposure of sensitive information in the SIP headers,” Cisco explained.
It also added that it discovered a related issue that could allow an unauthenticated user to access credentials in plain text, in the client and server logs.
“A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user,” Cisco warned.
Since the company already made a configuration change that will fix both the vulnerability and the related issue, users are recommended to restart their Cisco Webex applications to apply the changes. For those who would rather deploy a workaround, Cisco said admins could configure secure transport for SIP communication to encrypt data in transit.
“Cisco also recommends rotating credentials to protect against the possibility that the credentials have been acquired by a malicious actor,” the advisory concludes. So far, there has been no evidence that the vulnerability was abused in the wild.
In early February 2025, Cisco released patches for two critical-severity vulnerabilities plaguing its Identity Services Engine (ISE) solution. Both could have been used to run arbitrary commands and steal sensitive information.
Since the fix was already deployed, it advised its customers to restart the application to apply the configuration changes.
Via BleepingComputer
Leave a comment