Cisco has issued a warning to Webex for BroadWorks users after discovering a concerning security flaw.
“A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user,”
Cisco wrote on its security advisories blog.
Aimed at Webex for BroadWorks users, the vulnerability could allow threat actors to access sensitive data remotely.
Vulnerability and Discovery
Cisco Webex for BroadWorks is a cloud collaboration solution owned by the IT company. Its setup means it can integrate Webex with BroadWorks services through a single platform (the Webex App) to take advantage of features provided by both platforms. Therefore, a risk leveled at BroadWorks can potentially wreak havoc on Webex, too.
The vulnerability, Cisco explains, is due to the exposure of sensitive information in the SIP headers. Deemed a “low-severity” vulnerability in the app’s Release 45.2, it gives malicious actors access to sensitive data if unsecure transport is configured for the SIP communication.
Cisco also added that it discovered a related issue that could allow an authenticated user to access credentials in plain text in the client and server logs.
The vulnerability is reported to only affect Cisco BroadWorks (on-premises) and Cisco Webex for BroadWorks (hybrid cloud/on-premises) instances running in Windows environments.
Having spotted the vulnerability, Cisco is now urging customers to apply the patch to plug the security flaw.
Fixing the Flaw
Cisco says it has already pushed a configuration change to address the flaw and the related issue. Yet, users are recommended to restart their Cisco Webex applications to apply the changes.
For those who would rather deploy a workaround, Cisco said admins could configure secure transport for SIP communication to encrypt data in transit as a temporary workaround until the configuration change reaches their environment.
“Cisco also recommends rotating credentials to protect against the possibility that the credentials have been acquired by a malicious actor,” the advisory stated. It also added that its Product Security Incident Response Team (PSIRT) has no evidence of bad actors exploiting this vulnerability.
