Cisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications platform that could allow attackers to intercept sensitive credentials and user data under specific configurations.
The flaw, tracked as CSCwo20742 and classified as a low-severity issue, impacts organizations using Release 45.2 of the software in Windows-based environments, prompting Cisco to release configuration-based fixes and recommend immediate application restarts.
The vulnerability stems from insecure Session Initiation Protocol (SIP) transport configurations, which expose authentication headers containing user credentials during communication between clients and servers.
SIP, a signaling protocol widely used for voice and video calls, transmits metadata in plaintext unless encrypted.
In affected deployments, attackers could intercept these headers via man-in-the-middle (MitM) attacks, potentially gaining unauthorized access to systems by impersonating legitimate users.
A related issue exacerbates the risk: authenticated users with access to client or server logs could extract credentials stored in plaintext.
This dual exposure vector increases the likelihood of credential theft, particularly in hybrid cloud or on-premises deployments where Windows servers are prevalent.
While Cisco has not observed active exploitation in the wild, the company warns that the flaw’s low complexity and lack of required privileges make it an attractive target for opportunistic attacks.
The vulnerability exclusively impacts Cisco Webex for BroadWorks Release 45.2 running on Windows servers. Hybrid deployments combining on-premises and cloud infrastructure are also at risk, while Linux or macOS environments remain unaffected.
Cisco has automatically deployed configuration updates to enforce secure SIP transport protocols like TLS and SRTP, but administrators must restart their applications to activate these changes.
For organizations unable to implement the patch immediately, Cisco recommends manually configuring SIP communication to use encryption protocols.
This workaround prevents header interception but requires administrators to verify compatibility with existing telephony infrastructure.
The company further advises credential rotation for all user accounts associated with Webex for BroadWorks to mitigate potential breaches resulting from prior exposure.
This incident highlights persistent risks in legacy communication protocols like SIP, which were not designed with modern encryption standards.
Analysts note that 32% of enterprise VoIP systems still operate unencrypted SIP trunks, per 2024 data from the Telecommunications Industry Association.
Cisco’s rapid patch deployment reflects growing industry pressure to address vulnerabilities in hybrid work tools, which have become critical infrastructure for global businesses since the pandemic.
This disclosure follows a 17% year-over-year increase in VoIP-related vulnerabilities reported in 2024, underscoring the need for rigorous protocol hardening in enterprise communication ecosystems.
As hybrid work models persist, maintaining secure transport layers remains paramount to thwarting credential-based attacks.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…