Stratos Ally

Cisco Security Alert: Credential Exposure in Webex for BroadWorks

StratosAlly

Cisco Systems has published a security advisory for a newly discovered credential exposure vulnerability in Webex for BroadWorks. Cisco has confirmed that the vulnerability affects only Release 45.2 running in Windows environments; Linux and macOS deployments are unaffected. This low-severity flaw could let an unauthorized remote attacker access sensitive data and user credentials on Cisco’s Webex platform if Session Initiation Protocol (SIP), a signaling protocol, is configured to use insecure transport.  

The vulnerability, which carries significant operational risk, arises because sensitive information is exposed in SIP headers when insecure transport is configured for SIP communication. A related issue may allow authenticated users with access to client and server logs to view credentials in plain text.  

In a vulnerable deployment, an attacker could exploit this weakness to intercept traffic and capture authentication headers, potentially exposing user credentials. This could allow them to impersonate legitimate users, granting unauthorized access to linked services and exposing session details. As a result, they could hijack active calls or meetings. The widespread usage of Webex in enterprise environments raises significant risks to data security and operational continuity.  

Cisco has already addressed this issue and has automatically rolled out the fixes in BroadWorks Release 45.2. To apply these configuration changes, administrators must restart their Webex application. Cisco also suggests rotating credentials to limit the risk from any that malicious actors may already have captured. A temporary workaround has also been provided for users to address the issue:  

  • Configure encrypted SIP transport: Enable TLS 1.2+ and SRTP (Secure Real-time Transport Protocol) to secure SIP traffic and protect data during transmission.  
  • Rotate the credentials: Change credentials for all BroadWorks-integrated accounts to prevent unauthorized access.  
  • Audit log storage permissions: Restrict access to plaintext credentials by reviewing and adjusting log storage permissions to prevent potential exposure.  
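
To check whether the first workaround has taken effect, a defender can audit exported SIP traces or logs for authentication headers that travelled over cleartext transport. The Python sketch below is an added example, not code from Cisco or from this article; it assumes the input holds raw SIP messages separated by blank lines and that the headers of interest are the standard RFC 3261 `Authorization` and `Proxy-Authorization` headers (the article does not say which headers are affected). The sample messages, host names and addresses are constructed.

```python
import re

# Via transports that mean an encrypted hop, and the RFC 3261 headers that carry credentials.
SECURE_TRANSPORTS = {"TLS", "WSS"}
AUTH_HEADERS = {"authorization", "proxy-authorization"}
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", re.I)
START_RE = re.compile(r"^(?:[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3}\b)")

# Constructed sample input: two REGISTER requests, one over UDP and one over TLS.
SAMPLE = """\
REGISTER sip:example.invalid SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed1
Authorization: Digest username="alice", realm="example.invalid", response="<redacted>"

REGISTER sip:example.invalid SIP/2.0
Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKconstructed2
Authorization: Digest username="alice", realm="example.invalid", response="<redacted>"
"""

def split_messages(text):
    """Split raw SIP text into header blocks, one list of lines per message."""
    msgs, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if START_RE.match(line):
            cur = [line]
            msgs.append(cur)
        elif not line:
            cur = None  # blank line ends the headers; any body is skipped
        elif cur is not None:
            cur.append(line)
    return msgs

def audit(text):
    """Flag messages that carry auth headers over a non-encrypted transport."""
    findings = []
    for msg in split_messages(text):
        transport, exposed = None, []
        for line in msg[1:]:
            m = VIA_RE.match(line)
            if m and transport is None:  # topmost Via is the hop that was observed
                transport = m.group(1).upper()
            name = line.split(":", 1)[0].strip().lower()
            if name in AUTH_HEADERS:
                exposed.append(name)  # record the header name only, never its value
        if exposed and transport not in SECURE_TRANSPORTS:
            findings.append({"method": msg[0].split()[0], "transport": transport, "headers": exposed})
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any finding means credentials for that account crossed the network unencrypted and should be rotated, in line with the second workaround.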

While the fixes are deployed, users should remain alert and take proactive steps to safeguard their systems against potential exploitation. This case highlights the importance of proactive security measures to protect against credential exposure risks in enterprise communication platforms. Organizations should prioritize securing their systems against vulnerabilities by implementing strong encryption, strict access controls, and regular security audits to protect against potential threats.  
