Cisco Webex for BroadWorks Vulnerability Exposes User Credentials

Cisco has addressed a vulnerability in its Webex for BroadWorks platform that could potentially expose user credentials. The vulnerability, present in Release 45.2 when running in a Windows environment, stems from the exposure of sensitive information in SIP headers when unsecure transport is configured.

“A low-severity vulnerability in Cisco Webex for BroadWorks Release 45.2 could allow an unauthenticated, remote attacker to access data and credentials if unsecure transport is configured for the SIP communication,” Cisco explains in its security advisory.

A related issue was also identified where authenticated users’ credentials could be exposed in plain text within client and server logs. “A related issue could allow an authenticated user to access credentials in plain text in the client and server logs,” the advisory states.

Combined, these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information and potentially impersonate users. “A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user,” Cisco warns.

Fortunately, Cisco has already implemented a configuration change to address these vulnerabilities. Users are encouraged to restart their Cisco Webex application to apply the update. “Cisco recommends that customers restart their Cisco Webex application to apply the configuration changes,” advises the security advisory.

As a further precaution, Cisco recommends rotating credentials to minimize the risk of unauthorized access. “Cisco also recommends rotating credentials to protect against the possibility that the credentials have been acquired by a malicious actor,” the advisory adds.

While Cisco PSIRT is not aware of any public announcements or malicious use of this vulnerability, it’s crucial for users to take proactive steps to secure their systems. Administrators can also configure secure transport for SIP communication to encrypt data in transit as a preventative measure.

Related Posts:

• Cisco Releases Critical Patch to Address RCE Vulnerability in WebEx Software
• Cisco Small Business Routers & Webex App Flaws
• CVE-2023-20238 (CVSS score of 10): Cisco BroadWorks Authentication Bypass Vulnerability
• Cisco Patches High-Severity Flaws in IP Phone, IND, BroadWorks Application Delivery Platform and Xtended Services products
• Cisco Addresses Key SSH Authentication and TCP Denial of Service Vulnerabilities