Cisco Webex for BroadWorks Vulnerability Let Remote Attackers Access Data & Credentials


Mar 5, 2025 - 20:45

A newly disclosed vulnerability in Cisco Webex for BroadWorks Release 45.2 enables remote attackers to intercept sensitive credentials and user data when Session Initiation Protocol (SIP) communications lack encryption.

This vulnerability, rated as low severity but with significant operational implications, highlights risks in hybrid telephony deployments relying on unsecured transport protocols.

The vulnerability arises from improper handling of SIP headers (metadata packets used to establish voice and video sessions) in Windows-based environments.

Cisco Webex for BroadWorks Vulnerability

When organizations configure SIP without Transport Layer Security (TLS) or Secure Real-Time Transport Protocol (SRTP), authentication credentials embedded in these headers become exposed. 

Attackers on the same network segment can exploit this via man-in-the-middle (MitM) attacks to capture credentials such as usernames, passwords, and session tokens.

A secondary issue exacerbates the risk: authenticated users with log access can extract plaintext credentials from client and server logs. 

This dual exposure vector enables credential harvesting for lateral movement or impersonation attacks. 

Cisco confirmed the flaw exclusively affects Release 45.2 running on Windows servers, including hybrid cloud/on-premises deployments. Linux and macOS implementations remain unaffected.

SIP, a cornerstone of VoIP systems, transmits signaling data in cleartext unless encrypted. In vulnerable configurations, attackers intercepting SIP traffic can:

  • Reconstruct authentication headers to steal credentials.
  • Impersonate legitimate users to access collaboration tools or linked services.
  • Extract session details to hijack active calls or meetings.

The flaw’s low attack complexity (CVSSv4.0: 0.6) and lack of required privileges make it accessible to opportunistic actors. 

Currently, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability or public announcements.

Mitigation Strategies and Patch Deployment

Cisco automatically pushed configuration updates to enforce TLS/SRTP for SIP, but administrators must restart Webex applications to activate changes. Temporary workarounds include:

  • Enforcing encrypted SIP transport via TLS 1.2+ and SRTP.
  • Rotating credentials for all BroadWorks-integrated accounts.
  • Auditing log storage permissions to restrict plaintext credential access.
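To support the transport and log audits above, the following added example (not code from Cisco or from the original article) scans SIP text from a log or decoded capture, reports messages that carry credential headers over a non-TLS transport, and redacts those headers. It assumes the standard RFC 3261 `Authorization`/`Proxy-Authorization` headers and the transport token in the topmost `Via` header, since the article does not name the affected headers; the sample messages and the function names `audit` and `redact` are constructed for illustration.

```python
import re

# Constructed sample: three SIP messages as they might appear in a text log or
# decoded capture. Hosts, users and digest values are made up for illustration.
SAMPLE = """\
REGISTER sip:pbx.example.test SIP/2.0
Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bKaaa1
From: <sip:alice@example.test>;tag=1
Authorization: Digest username="alice", realm="example.test", nonce="abc", response="0123abcd"

INVITE sip:bob@example.test SIP/2.0
Via: SIP/2.0/TLS 10.0.0.6:5061;branch=z9hG4bKbbb2
From: <sip:carol@example.test>;tag=2
Proxy-Authorization: Digest username="carol", realm="example.test", nonce="def", response="4567ef01"

OPTIONS sip:pbx.example.test SIP/2.0
Via: SIP/2.0/TCP 10.0.0.7:5060;branch=z9hG4bKccc3
"""

VIA = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", re.I | re.M)
AUTH = re.compile(r"^((?:Proxy-)?Authorization)\s*:\s*(.*)$", re.I | re.M)
USER = re.compile(r'username="([^"]*)"', re.I)
SECURE = {"TLS", "WSS"}  # Via transport tokens that imply an encrypted hop

def audit(text):
    """Return one finding per SIP message that carries a credential header."""
    findings = []
    for msg in re.split(r"\r?\n\s*\r?\n", text.strip()):
        auth = AUTH.search(msg)
        if not auth:
            continue
        via = VIA.search(msg)  # topmost Via names the most recent hop's transport
        transport = via.group(1).upper() if via else "UNKNOWN"
        user = USER.search(auth.group(2))
        findings.append({
            "request": msg.splitlines()[0],
            "header": auth.group(1),
            "user": user.group(1) if user else None,
            "transport": transport,
            "cleartext": transport not in SECURE,
        })
    return findings

def redact(text):
    """Replace credential header values so the log can be stored or shared."""
    return AUTH.sub(lambda m: f"{m.group(1)}: [REDACTED]", text)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Any finding with `cleartext` set to true identifies an account whose credentials should be rotated and a hop that still needs TLS enforced.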

Hybrid deployments using Cisco Unified Border Element (CUBE) or third-party session border controllers (SBCs) must verify SIP header encryption end-to-end. 

Network segmentation and intrusion detection systems (IDS) can further isolate vulnerable components during patching.

Organizations using Cisco Webex for BroadWorks Release 45.2 on Windows must prioritize restarts and encryption audits. 

As unified communications evolve, balancing legacy system integration with modern security protocols remains critical to thwarting opportunistic attacks.


The post Cisco Webex for BroadWorks Vulnerability Let Remote Attackers Access Data & Credentials appeared first on Cyber Security News.