
Cisco Webex for BroadWorks Flaw Opens Door for Attackers to Access Credentials

Cisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications platform that could allow attackers to intercept sensitive credentials and user data under specific configurations.

The flaw, tracked as CSCwo20742 and classified as a low-severity issue, impacts organizations using Release 45.2 of the software in Windows-based environments, prompting Cisco to release configuration-based fixes and recommend immediate application restarts.

Vulnerability Mechanics and Exploitation Risks

The vulnerability stems from insecure Session Initiation Protocol (SIP) transport configurations, which expose authentication headers containing user credentials during communication between clients and servers.

SIP, a signaling protocol widely used for voice and video calls, transmits its metadata in plaintext unless the transport is encrypted.

In affected deployments, attackers could intercept these headers via man-in-the-middle (MitM) attacks, potentially gaining unauthorized access to systems by impersonating legitimate users.

A related issue exacerbates the risk: authenticated users with access to client or server logs could extract credentials stored in plaintext.

This dual exposure vector increases the likelihood of credential theft, particularly in hybrid cloud or on-premises deployments where Windows servers are prevalent.
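A defender can check both exposure paths described above in their own logs. The following is an added example, not code from Cisco or from the original article: it scans log lines for SIP credential-bearing headers and for `Via` headers that show a cleartext transport, and redacts the credential values. The log layout and the names `audit_sip_log` and `SAMPLE_LOG` are assumptions; the sample lines are constructed and do not reflect the actual Webex for BroadWorks log format.

```python
import re

# SIP request headers that carry digest credentials (RFC 3261).
CRED_HEADER = re.compile(r'(?i)\b((?:Proxy-)?Authorization)\s*:\s*(.+)$')
# The Via header names the hop transport: UDP/TCP/WS are cleartext, TLS/WSS are encrypted.
VIA_TRANSPORT = re.compile(r'(?i)\bVia\s*:\s*SIP/2\.0/([A-Z]+)')
ENCRYPTED = {"TLS", "WSS"}

# Constructed sample lines (assumed layout: timestamp followed by the SIP line).
SAMPLE_LOG = [
    "2025-01-01 10:00:00 REGISTER sip:example.invalid SIP/2.0",
    "2025-01-01 10:00:00 Via: SIP/2.0/TCP 192.0.2.10:5060;branch=z9hG4bKconstructed1",
    '2025-01-01 10:00:00 Authorization: Digest username="alice", '
    'realm="example.invalid", nonce="abc", response="0000"',
    "2025-01-01 10:00:05 Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKconstructed2",
]

def audit_sip_log(lines):
    """Return (findings, redacted_lines).

    findings is a list of (line_number, kind, detail) where kind is
    'credential-header' or 'cleartext-transport'.
    """
    findings, redacted = [], []
    for n, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        cred = CRED_HEADER.search(line)
        if cred:
            findings.append((n, "credential-header", cred.group(1)))
            # Keep the header name for triage, drop the credential material.
            line = line[:cred.start(2)] + "[REDACTED]"
        via = VIA_TRANSPORT.search(line)
        if via and via.group(1).upper() not in ENCRYPTED:
            findings.append((n, "cleartext-transport", via.group(1).upper()))
        redacted.append(line)
    return findings, redacted

if __name__ == "__main__":
    found, clean = audit_sip_log(SAMPLE_LOG)
    for item in found:
        print(item)
    print("\n".join(clean))
```

Any `credential-header` finding means the logged accounts should be included in credential rotation, and any `cleartext-transport` finding means that hop is not yet using the encrypted SIP transport.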

While Cisco has not observed active exploitation in the wild, the company warns that the flaw’s low complexity and lack of required privileges make it an attractive target for opportunistic attacks.

Affected Systems and Mitigation Strategies

The vulnerability exclusively impacts Cisco Webex for BroadWorks Release 45.2 running on Windows servers. Hybrid deployments combining on-premises and cloud infrastructure are also at risk, while Linux or macOS environments remain unaffected.

Cisco has automatically deployed configuration updates to enforce secure SIP transport protocols like TLS and SRTP, but administrators must restart their applications to activate these changes.

For organizations unable to implement the patch immediately, Cisco recommends manually configuring SIP communication to use encryption protocols.

This workaround prevents header interception but requires administrators to verify compatibility with existing telephony infrastructure.

The company further advises credential rotation for all user accounts associated with Webex for BroadWorks to mitigate potential breaches resulting from prior exposure.

This incident highlights persistent risks in legacy communication protocols like SIP, which were not designed with modern encryption standards.

Analysts note that 32% of enterprise VoIP systems still operate unencrypted SIP trunks, per 2024 data from the Telecommunications Industry Association.

Cisco’s rapid patch deployment reflects growing industry pressure to address vulnerabilities in hybrid work tools, which have become critical infrastructure for global businesses since the pandemic.

This disclosure follows a 17% year-over-year increase in VoIP-related vulnerabilities reported in 2024, underscoring the need for rigorous protocol hardening in enterprise communication ecosystems.

As hybrid work models persist, maintaining secure transport layers remains paramount to thwarting credential-based attacks.


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
