SB2025030439 - Information disclosure in Cisco Webex for BroadWorks
Published: March 4, 2025
Security Bulletin ID
SB2025030439
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to exposure of sensitive information in the SIP headers, if insecure transport is configured for the SIP communication. A remote attacker can intercept the SIP traffic and access sensitive data, including credentials.
Remediation
Install update from vendor's website.