Summary: Cisco has issued a warning about a vulnerability in Webex for BroadWorks that allows unauthenticated remote attackers to access sensitive credentials. The company has implemented a configuration change to address the flaw and recommends that customers restart their Cisco Webex app. Admins are advised to use secure transport for SIP communication while the fix is applied to their systems.
Affected: Cisco Webex for BroadWorks
Keypoints :
- Unauthenticated attackers could access credentials due to a low-severity vulnerability in Webex for BroadWorks Release 45.2.
- The vulnerability stems from sensitive information being exposed in SIP headers, impacting on-premises and hybrid cloud/on-premises instances in Windows environments.
- Cisco recommends rotating credentials and configuring secure SIP transport as temporary measures until the configuration update is in effect.