Cisco has issued a warning regarding a vulnerability in Webex for BroadWorks that could allow unauthenticated attackers to access sensitive credentials remotely. This issue affects the integration of Cisco Webex’s video conferencing features with the BroadWorks unified communications platform.
Details of the BroadWorks Flaw
The vulnerability has not yet been assigned a CVE ID but is classified as a low-severity issue. According to Cisco, the flaw could allow remote attackers to access data and credentials if insecure transport is configured for SIP communication. Cisco explained:
“A related issue could allow an authenticated user to access credentials in plain text in the client and server logs. A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user.”
Affected Systems
The BroadWorks flaw specifically impacts Cisco BroadWorks (on-premises) and Cisco Webex for BroadWorks (hybrid cloud/on-premises) instances running in Windows environments.
Remediation Steps and Workarounds
In response to this vulnerability, Cisco has implemented a configuration change to mitigate the issue. Users are advised to restart their Cisco Webex app to receive the fix. Additionally, Cisco recommends:
- Configuring secure transport for SIP communication to encrypt data in transit as a temporary workaround.
- Rotating credentials to safeguard against potential acquisition by malicious actors.
Cisco’s Product Security Incident Response Team (PSIRT) has indicated that there is currently no evidence of the vulnerability being exploited in the wild.
Other Vulnerabilities on CISA’s Radar
On a related note, CISA recently tagged another Cisco vulnerability (CVE-2023-20118) as actively exploited. This flaw allows attackers to execute arbitrary commands on various Cisco VPN routers.
Furthermore, the Insikt Group reported that Chinese hackers had breached several U.S. telecom providers using unpatched Cisco IOS XE network devices.
