#VU105299 Information disclosure in Webex for Broadworks
Published: March 4, 2025
Vulnerability identifier: #VU105299
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Webex for Broadworks
Webex for Broadworks
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to exposure of sensitive information in the SIP headers, if insecure transport is configured for the SIP communication. A remote attacker can intercept the SIP traffic and access sensitive data, including credentials.
Remediation
Install updates from vendor's website.