Skip to content

Vulnerability in Cisco Webex for BroadWorks Puts User Data at Risk

Recent cybersecurity research has revealed a critical vulnerability in Cisco Webex for BroadWorks version 45.2. This vulnerability allows remote attackers to intercept confidential user data and authentication credentials transmitted via the Session Initiation Protocol (SIP).

Although this issue is classified as low risk, it poses significant operational threats. Hybrid telephony systems that rely on unencrypted transport protocols are particularly vulnerable.

The vulnerability arises from improper processing of metadata in SIP headers, which are used to establish voice and video sessions. This issue specifically affects systems running in a Windows environment. Linux and macOS platforms are not impacted.

If SIP transport is not secured with TLS (Transport Layer Security) or SRTP (Secure Real-Time Transport Protocol), authentication headers are transmitted in plain text. This allows attackers within the same network as the victim to perform a Man-in-the-Middle (MitM) attack and intercept the following data:

  • Usernames and passwords
  • Access tokens and session information
  • Call and video conference details

This vulnerability can be exploited not only by external attackers but also by authenticated system users. Log files may contain unencrypted authentication credentials, which can be extracted and misused for further attacks.

Since SIP is a core protocol in VoIP systems, unencrypted transmission can lead to easy data interception. By exploiting this flaw, attackers can:

  • Retrieve authentication credentials and compromise accounts
  • Access the system as a legitimate user
  • Join calls and video conferences without authorization
  • Eavesdrop on confidential discussions or corporate meetings

Cisco plans to address the issue through an automatic update that enforces TLS/SRTP encryption. However, these changes will require Webex applications to be restarted for them to take effect.

Organizations should also take the following security measures:

Enable TLS 1.2+ and SRTP for SIP transport – Ensures encrypted data transmission throughout the session.

Change passwords for all BroadWorks accounts – Protects against potential credential compromise.

Monitor and restrict access to log files – Prevents sensitive authentication data from being stored in plaintext.

Check Cisco Unified Border Element (CUBE) and other security gateways – Ensures end-to-end encryption of SIP traffic.

Implement network segmentation and IDS/IPS systems – Isolates unprotected components while updates are applied.

🔹 Transition to modern security protocols: Companies using legacy systems must ensure they meet current security standards.

🔹 Deploy real-time monitoring solutions: SIEM (Security Information and Event Management) and IDS/IPS can help detect and block cyberattacks early.

🔹 Enable two-factor authentication (2FA): Adds an extra layer of security to prevent unauthorized account access.

🔹 Conduct regular security audits: Periodic assessments help identify and mitigate vulnerabilities in the IT infrastructure.

The identified vulnerability in Cisco Webex for BroadWorks poses a serious threat to corporate telecommunications systems. While classified as low-risk, its ease of exploitation makes it a significant security concern.

Companies and IT teams must act quickly by installing the latest updates, monitoring network traffic, and implementing strong encryption mechanisms. In modern cybersecurity, addressing vulnerabilities promptly is one of the key factors in preventing cyberattacks.