Cisco Webex Bug: When SIP Slips, Watch Your Credentials Flip!

Beware: a cunning Cisco Webex vulnerability in Release 45.2 could let sneaky hackers access data and credentials if SIP communication isn’t secure. A simple config change can fix it, but if your Webex isn’t in Windows or predates Release 45.2, you’re safe. Time to update or risk being a victim of the digital heist!

1P
Published: March 4, 2025 4:07 pmAdded: March 4, 2025 at 8:31 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Well, well, well… looks like Cisco’s Webex for BroadWorks has a little “communication issue.” And by issue, I mean a vulnerability that could potentially let unauthorized folks join the cybersecurity party. Someone call the IT department; we’ve got a SIP-tuation!

Key Points:

  • A vulnerability in Cisco Webex for BroadWorks Release 45.2 allows remote attackers to access data and credentials if SIP communication is insecure.
  • The vulnerability involves the exposure of sensitive information in SIP headers.
  • A related issue could let authenticated users see credentials in plain text in logs.
  • Cisco has pushed a configuration change to fix the issue, requiring a restart of the Webex application.
  • The problem doesn’t affect non-Windows environments or releases earlier than 45.2.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?