Cisco warns of Webex for BroadWorks flaw exposing credentials
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely.
Webex for BroadWorks integrates Cisco Webex's video conferencing and collaboration features with the BroadWorks unified communications platform.
While the company has yet to assign a CVE ID to track this security issue, Cisco says in a Tuesday security advisory that it already pushed a configuration change to address the flaw and advised customers to restart their Cisco Webex app to get the fix.
"A low-severity vulnerability in Cisco Webex for BroadWorks Release 45.2 could allow an unauthenticated, remote attacker to access data and credentials if unsecure transport is configured for the SIP communication," Cisco explained.
"A related issue could allow an authenticated user to access credentials in plain text in the client and server logs. A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user."
The vulnerability is caused by sensitive information exposed in the SIP headers and only affects Cisco BroadWorks (on-premises) and Cisco Webex for BroadWorks (hybrid cloud/on-premises) instances running in Windows environments.
Workaround available
The company advises admins to configure secure transport for SIP communication to encrypt data in transit as a temporary workaround until the configuration change reaches their environment.
"Cisco also recommends rotating credentials to protect against the possibility that the credentials have been acquired by a malicious actor," the company added.
It also added that its Product Security Incident Response Team (PSIRT) has no evidence of malicious use in the wild or public announcements sharing further information on this vulnerability.
On Monday, CISA tagged another Cisco vulnerability (CVE-2023-20118) patched in January 2023 as actively exploited. This flaw allows attackers to execute arbitrary commands on Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers.
Last month, Recorded Future's Insikt Group threat research division also reported that China's Salt Typhoon hackers had breached more U.S. telecom providers via unpatched Cisco IOS XE network devices.
VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches
Google expands Android AI scam detection to more Pixel devices
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
LowServer Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
InformationalASP.NET ViewState Disclosure
InformationalImage Exposes Location or Privacy Data
LowInformation Disclosure - Sensitive Information in Browser sessionStorage
MediumParameter Tampering
InformationalSec-Fetch-Site Header Has an Invalid Value
InformationalCookie Slack Detector
Free online web security scanner
