CyberSecurityBoard
Sponsor Register Login

Cisco warns of Webex for BroadWorks flaw exposing credentials

"A low-severity vulnerability in Cisco Webex for BroadWorks Release 45.2 could allow an unauthenticated, remote attacker to access data and credentials if unsecure transport is configured for the SIP communication," Cisco explained. Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. The vulnerability is caused by sensitive information exposed in the SIP headers and only affects Cisco BroadWorks (on-premises) and Cisco Webex for BroadWorks (hybrid cloud/on-premises) instances running in Windows environments. While the company has yet to assign a CVE ID to track this security issue, Cisco says in a Tuesday security advisory that it already pushed a configuration change to address the flaw and advised customers to restart their Cisco Webex app to get the fix. Webex for BroadWorks integrates Cisco Webex's video conferencing and collaboration features with the BroadWorks unified communications platform. Last month, Recorded Future's Insikt Group threat research division also reported that China's Salt Typhoon hackers had breached more U.S. telecom providers via unpatched Cisco IOS XE network devices. "Cisco also recommends rotating credentials to protect against the possibility that the credentials have been acquired by a malicious actor," the company added. This flaw allows attackers to execute arbitrary commands on Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 04 Mar 2025 18:40:21 +0000


Cyber News related to Cisco warns of Webex for BroadWorks flaw exposing credentials

Cisco warns of Webex for BroadWorks flaw exposing credentials - "A low-severity vulnerability in Cisco Webex for BroadWorks Release 45.2 could allow an unauthenticated, remote attacker to access data and credentials if unsecure transport is configured for the SIP communication," Cisco explained. Cisco warned ...
23 hours ago Bleepingcomputer.com
Webex announces comprehensive Device Management Capabilities with Phonism integration - Webex is excited to announce a comprehensive solution for 3rd party Device Management referred to as 'Partner Managed Devices. ' Partner Managed Devices allows Webex Cloud Calling offers to support a flexible Device Management strategy. With this ...
1 year ago Feedpress.me
Webex Connect and a New Digital Experience - While creating such engaging experiences is necessary for businesses of all sizes, smaller teams in particular need to find a way to get their customers' questions answered without relying on as much manpower. The Cisco Store is one such program, and ...
1 year ago Feedpress.me
CVE-2018-0264 - A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this ...
5 years ago
CVE-2018-0112 - A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input ...
5 years ago
What we learned over coffee at the year's biggest healthcare event - Healthcare organizations are dedicated to providing exceptional care, prioritizing the patient's satisfaction and experience through a patient-centered approach. This approach ensures patients are firmly at the center of their care and engaged in ...
9 months ago Feedpress.me
Something exciting is brewing for NRF24 - NRF'24 is also where we'll be demonstrating Webex Connect's mobile ordering coffee bar experience at Café Cisco, which showcases the richer customer communications delivered by the simplicity and intuitiveness of Webex Connect, part of Webex CPaaS ...
1 year ago Feedpress.me
CVE-2018-0380 - Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf ...
5 years ago
CVE-2017-6753 - A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability ...
5 years ago
What's Coming to Cisco Live Europe 2024 for the Data Center Developer? - In just a week or so, Cisco Live EMEA, 2024 will be ready to sizzle at the RAI Amsterdam. From a Cisco Cloud Networking standpoint, Cisco Nexus Dashboard, Cisco ACI, and Nexus 9000 Series switches are showing up in a big way. Read on to learn what ...
1 year ago Feedpress.me
CVE-2023-20125 - A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does ...
3 months ago Tenable.com
Retail Tech Deep-Dive: Webex Connect - Jeremy leads sales in North and South America for the Webex cloud communications platform solution. With several leadership roles over the years, Jeremy has deep mobile industry expertise that's been leveraged across many vertical markets including ...
1 year ago Feedpress.me
Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
11 months ago Feedpress.me
5 Tips for Pi Day Savings at the Cisco Learning Network Store - Save 25% on select training products from the Cisco Learning Network Store for 24 hours only. Two new multicloud training courses are now available in the Cisco Learning Network Store-and they're included in the Pi Day Sale. If you are an active ...
11 months ago Feedpress.me
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day - More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198. There is no patch or a workaround available and the only ...
1 year ago Bleepingcomputer.com CVE-2023-20198
CVE-2017-6669 - Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and ...
3 years ago
Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision - PRESS RELEASE. AMSTERDAM, Feb. 6, 2024 /PRNewswire/ - CISCO LIVE EMEA - Cisco, the leader in networking and security, today introduced new capabilities and technologies across its networking portfolio that are designed to drive a more unified and ...
1 year ago Darkreading.com
CVE-2020-3361 - A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by ...
4 years ago
CVE-2020-3471 - A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization ...
3 years ago
CVE-2020-3419 - A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of ...
4 years ago
Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
1 year ago Bleepingcomputer.com CVE-2023-20198
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
CVE-2020-3319 - A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. ...
3 years ago
Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
1 year ago Feedpress.me

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)