Cisco warns some Webex users of worrying security flaw, so patch now

News
By
published

Cisco deploys new configuration and urged users to restart their Webex app

Webex by Cisco banner on a Chromebook
(Image credit: Cisco / Vantage_DS / Shutterstock)
  • Cisco warn of new vulnerability in Webex for BroadWorks
  • The flaw allowed threat actors to steal sensitive files remotely
  • A fix was already deployed, and users should update immediately

Cisco has warned Webex for BroadWorks users of a vulnerability that could allow threat actors to access sensitive data remotely.

Cisco Webex for BroadWorks is a cloud collaboration solution that integrates the video conferencing tool with BroadWorks-based service provider networks, offering messaging, calling, and meeting capabilities for businesses.

In a security advisory published on Cisco’s website, the company said that it uncovered a low-severity vulnerability in the app’s Release 45.2, which allowed malicious actors access to sensitive data if unsecure transport is configured for the SIP communication.

Exploiting the flaw

“This vulnerability is due to the exposure of sensitive information in the SIP headers,” Cisco explained.

It also added that it discovered a related issue that could allow an unauthenticated user to access credentials in plain text, in the client and server logs.

“A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user,” Cisco warned.

Since the company already made a configuration change that will fix both the vulnerability and the related issue, users are recommended to restart their Cisco Webex applications to apply the changes. For those who would rather deploy a workaround, Cisco said admins could configure secure transport for SIP communication to encrypt data in transit.

"Cisco also recommends rotating credentials to protect against the possibility that the credentials have been acquired by a malicious actor," the advisory concludes. So far, there has been no evidence that the vulnerability was abused in the wild.

In early February 2025, Cisco released patches for two critical-severity vulnerabilities plaguing its Identity Services Engine (ISE) solution. Both could have been used to run arbitrary commands and steal sensitive information.

Since the fix was already deployed, it advised its customers to restart the application to apply the configuration changes.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Cisco patches critical security issues, so update now
An abstract image of padlocks overlaying a digital background.
Mitel collaboration software zero-day strings along a previously patched vulnerability
Security
Broadcom releases fixes for multiple VMware security flaws
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Representational image depecting cybersecurity protection
CISA says Oracle and Mitel have critical security flaws being exploited
Digital image of a lock.
Ivanti warns it has found another major security flaw in its systems
Latest in Security
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
Red padlock open on electric circuits network dark red background
AI-powered cyber threats are becoming the biggest worry for businesses everywhere
Woman using iMessage on iPhone
Apple to take legal action against British Government over backdoor request
Red padlock open on electric circuits network dark red background
Aviaton firms hit by devious new polyglot malware
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Major ransomware attack sees Tata Technologies hit - 1.4TB dataset with over 730,000 files allegedly stolen
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
Latest in News
Insta360 X4 360 degree camera without lens protector
Leaked DJI Osmo 360 image suggests GoPro and Insta360 should be worried – here's why
A YouTube Premium promo on a laptop screen
A cheaper YouTube Premium Lite plan just rolled out in the US – but you’ll miss out on these 4 features
Viaim RecDot AI true wireless earbuds
These AI-powered earbuds can also act as a dictaphone with transcription when left in their case
The socket interface of the Intel Core Ultra processor
Intel unveils its most powerful AI PCs yet - new Intel Core Ultra Series 2 processors pack in vPro for lightweight laptops and high-performance workstations alike
An Nvidia GeForce RTX 5070
Nvidia confirms that an RTX 5070 Founders Edition is coming... just not on launch day
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
More about security
Image of laptop infected with malware

Ransomware criminals are now sending their demands...by snail mail?
Red padlock open on electric circuits network dark red background

AI-powered cyber threats are becoming the biggest worry for businesses everywhere
A YouTube Premium promo on a laptop screen

A cheaper YouTube Premium Lite plan just rolled out in the US – but you’ll miss out on these 4 features
See more latest
Most Popular
A YouTube Premium promo on a laptop screen
A cheaper YouTube Premium Lite plan just rolled out in the US – but you’ll miss out on these 4 features
Viaim RecDot AI true wireless earbuds
These AI-powered earbuds can also act as a dictaphone with transcription when left in their case
Insta360 X4 360 degree camera without lens protector
Leaked DJI Osmo 360 image suggests GoPro and Insta360 should be worried – here's why
The socket interface of the Intel Core Ultra processor
Intel unveils its most powerful AI PCs yet - new Intel Core Ultra Series 2 processors pack in vPro for lightweight laptops and high-performance workstations alike
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
Red padlock open on electric circuits network dark red background
AI-powered cyber threats are becoming the biggest worry for businesses everywhere
Red padlock open on electric circuits network dark red background
Aviaton firms hit by devious new polyglot malware
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Thursday, March 6 (game #368)
OpenAI CEO Sam Altman attends the artificial intelligence Revolution Forum. New York, US - 13 Jan 2023
Sam Altman tweets delay to ChatGPT-4.5 launch while also proposing a shocking new payment structure
Quordle on a smartphone held in a hand
Quordle hints and answers for Thursday, March 6 (game #1137)