Information disclosure in Webex for Broadworks - #VU105299
Published: March 4, 2025
Vulnerability identifier: #VU105299
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Webex for Broadworks
Webex for Broadworks
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to exposure of sensitive information in the SIP headers, if insecure transport is configured for the SIP communication. A remote attacker can intercept the SIP traffic and access sensitive data, including credentials.
Remediation
Install updates from vendor's website.