Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely.
Webex for BroadWorks integrates Cisco Webex’s video conferencing and collaboration features with the BroadWorks unified communications platform.
While the company has yet to assign a CVE ID to track this security issue, Cisco says in a Tuesday security advisory that it already pushed a configuration change to address the flaw and advised customers to restart their Cisco Webex app to get the fix.
“A low-severity vulnerability in Cisco Webex for BroadWorks Release 45.2 could allow an unauthenticated, remote attacker to access data and credentials if unsecure transport is configured for the SIP communication,” Cisco explained.
“A related issue could allow an authenticated user to access credentials in plain text in the client and server logs. A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user.”
The vulnerability is caused by sensitive information exposed in the SIP headers and only affects Cisco BroadWorks (on-premises) and Cisco Webex for BroadWorks (hybrid cloud/on-premises) instances running in Windows environments.
Workaround available
The company advises admins to configure secure transport for SIP communication to encrypt data in transit as a temporary workaround until the configuration change reaches their environment.
“Cisco also recommends rotating credentials to protect against the possibility that the credentials have been acquired by a malicious actor,” the company added.
It also added that its Product Security Incident Response Team (PSIRT) has no evidence of malicious use in the wild or public announcements sharing further information on this vulnerability.
On Monday, CISA tagged another Cisco vulnerability (CVE-2023-20118) patched in January 2023 as actively exploited. This flaw allows attackers to execute arbitrary commands on Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers.
Last month, Recorded Future’s Insikt Group threat research division also reported that China’s Salt Typhoon hackers had breached more U.S. telecom providers via unpatched Cisco IOS XE network devices.
