Cisco Webex for BroadWorks Flaw Opens Door for Attackers to Access Credentials

Cisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications platform that could allow attackers to intercept sensitive credentials and user data under specific configurations.

The flaw, tracked as CSCwo20742 and classified as a low-severity issue, impacts organizations using Release 45.2 of the software in Windows-based environments, prompting Cisco to release configuration-based fixes and recommend immediate application restarts.

Vulnerability Mechanics and Exploitation Risks

The vulnerability stems from insecure Session Initiation Protocol (SIP) transport configurations, which expose authentication headers containing user credentials during communication between clients and servers.

SIP, a signaling protocol widely used for voice and video calls, transmits metadata in plaintext unless encrypted.

In affected deployments, attackers could intercept these headers via man-in-the-middle (MitM) attacks, potentially gaining unauthorized access to systems by impersonating legitimate users.

A related issue exacerbates the risk: authenticated users with access to client or server logs could extract credentials stored in plaintext.

This dual exposure vector increases the likelihood of credential theft, particularly in hybrid cloud or on-premises deployments where Windows servers are prevalent.

While Cisco has not observed active exploitation in the wild, the company warns that the flaw’s low complexity and lack of required privileges make it an attractive target for opportunistic attacks.

Affected Systems and Mitigation Strategies

The vulnerability exclusively impacts Cisco Webex for BroadWorks Release 45.2 running on Windows servers. Hybrid deployments combining on-premises and cloud infrastructure are also at risk, while Linux or macOS environments remain unaffected.

Cisco has automatically deployed configuration updates to enforce secure SIP transport protocols like TLS and SRTP, but administrators must restart their applications to activate these changes.

For organizations unable to implement the patch immediately, Cisco recommends manually configuring SIP communication to use encryption protocols.

This workaround prevents header interception but requires administrators to verify compatibility with existing telephony infrastructure.

The company further advises credential rotation for all user accounts associated with Webex for BroadWorks to mitigate potential breaches resulting from prior exposure.

This incident highlights persistent risks in legacy communication protocols like SIP, which were not designed with modern encryption standards.

Analysts note that 32% of enterprise VoIP systems still operate unencrypted SIP trunks, per 2024 data from the Telecommunications Industry Association.

Cisco’s rapid patch deployment reflects growing industry pressure to address vulnerabilities in hybrid work tools, which have become critical infrastructure for global businesses since the pandemic.

This disclosure follows a 17% year-over-year increase in VoIP-related vulnerabilities reported in 2024, underscoring the need for rigorous protocol hardening in enterprise communication ecosystems.

As hybrid work models persist, maintaining secure transport layers remains paramount to thwarting credential-based attacks.

Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free