Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 4.9 Security Advisory

TL;DR 📌

A medium-severity information disclosure vulnerability has been identified in Cisco TelePresence Collaboration Endpoint and RoomOS Software. When SIP media component logging is enabled, an authenticated, remote attacker could exploit this vulnerability to view sensitive information in clear text. Cisco has released fixed software, and there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software allows an authenticated, remote attacker to view sensitive information in clear text on affected systems. This issue arises when SIP media component logging is enabled, which can lead to the exposure of unencrypted credentials stored in audit logs. An attacker with valid administrative credentials could exploit this vulnerability to access confidential information, potentially including personally identifiable information (PII).

Affected products 🖥️

The following products are affected if they are running a vulnerable release with SIP media component logging enabled:

  • Cisco TelePresence CE
  • Cisco RoomOS in on-premises operation
  • Cisco RoomOS in cloud-aware on-premises operation

Note: SIP media component logging is disabled by default and must be explicitly enabled.

Fixed software 🔧

Upgrade to the first fixed release in your train (or later):

Release / Product                  First Fixed Release   Notes
9                                  -                     Migrate to a fixed release.
10                                 -                     Migrate to a fixed release.
11                                 11.32.2.1
Cisco TelePresence CE and RoomOS   11.32.2.1
Cisco RoomOS (cloud)               RoomOS July 2025

Advisory revision history: 1.0 Initial public release.
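Applying the fixed-software table to an endpoint inventory is a comparison of release train and version against 11.32.2.1 (train 11) and RoomOS July 2025 (cloud RoomOS), with trains 9 and 10 needing a migration rather than a point upgrade. The following is an added example, not a Cisco tool: it assumes on-premises versions are dotted numerics whose leading number is the train, models the cloud release as a year/month pair, and takes the "SIP media component logging enabled" flag from the inventory rather than querying the device.

```python
"""Triage an inventory of CE / RoomOS endpoints against this advisory's fixed releases.

Added example (not Cisco's code). Assumptions:
- On-premises versions are dotted numerics ("9.15.3", "11.28.1.5"); the leading
  number is the release train used in the advisory's table.
- Cloud RoomOS builds are recorded as "cloud:YYYY-MM"; the advisory names the
  fixed build "RoomOS July 2025", modelled here as (2025, 7).
- Whether SIP media component logging is enabled comes from the inventory.
"""
from typing import Dict, List, NamedTuple, Tuple

FIXED_TRAIN_11 = (11, 32, 2, 1)   # 11.32.2.1, from the advisory
FIXED_CLOUD_ROOMOS = (2025, 7)    # "RoomOS July 2025", modelled as (year, month)


class Device(NamedTuple):
    name: str
    version: str            # "11.28.1.5" or "cloud:2025-03"
    sip_media_logging: bool # the precondition the advisory names


def parse_version(s: str) -> Tuple[int, ...]:
    """'11.32.2' -> (11, 32, 2, 0): pad to four fields so shorter strings compare correctly."""
    parts = tuple(int(p) for p in s.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def triage(dev: Device) -> str:
    """Return 'not-exposed', 'fixed', 'upgrade', 'migrate' or 'unknown-train'."""
    if not dev.sip_media_logging:
        # The vulnerable condition is absent; the upgrade is still due in the normal cycle.
        return "not-exposed"
    if dev.version.startswith("cloud:"):
        year, month = (int(x) for x in dev.version[len("cloud:"):].split("-"))
        return "fixed" if (year, month) >= FIXED_CLOUD_ROOMOS else "upgrade"
    v = parse_version(dev.version)
    train = v[0]
    if train in (9, 10):
        return "migrate"           # table: no fix in train, migrate to a fixed release
    if train == 11:
        return "fixed" if v >= FIXED_TRAIN_11 else "upgrade"
    return "unknown-train"         # not covered by the advisory's table


def triage_inventory(devices: List[Device]) -> Dict[str, List[str]]:
    """Group device names by triage outcome, so the 'upgrade'/'migrate' lists drive the change window."""
    groups: Dict[str, List[str]] = {}
    for d in devices:
        groups.setdefault(triage(d), []).append(d.name)
    return groups


if __name__ == "__main__":
    # Constructed inventory for demonstration.
    inventory = [
        Device("room-a", "11.28.1.5", True),
        Device("room-b", "11.32.2.1", True),
        Device("room-c", "9.15.3", True),
        Device("room-d", "cloud:2025-03", True),
        Device("room-e", "10.19.1", False),
    ]
    for outcome, names in sorted(triage_inventory(inventory).items()):
        print(f"{outcome:12s} {', '.join(names)}")
```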

Workarounds 🧯

There are no workarounds that address this vulnerability.

Risk in context 🎯

The vulnerability has a CVSS score of 4.9, indicating a medium level of risk. While it requires valid administrative credentials for exploitation, the potential exposure of sensitive information, including PII, poses a significant concern for organizations using affected Cisco products.

Fast facts ⚡

  • Vulnerability: Information disclosure in logging component
  • CVSS Score: 4.9 (Medium)
  • Exploitation: Requires valid administrative credentials
  • Workarounds: None available
  • Fixed Software: 11.32.2.1 for the 11 train and RoomOS July 2025 for cloud RoomOS; releases 9 and 10 must migrate to a fixed release

For leadership 🧭

This vulnerability presents a medium risk to our organization, given its CVSS score of 4.9. It requires authenticated access, which limits exposure but still allows for potential unauthorized access to sensitive information, including PII. Immediate remediation is necessary, and we recommend patching affected systems within the next 7 days.

  • Operational impact: Expect a brief maintenance window with no configuration drift.
  • Clear Now / Next / Later:
    • Now: Assess affected systems and plan for patching.
    • Next: Implement the fixed software as soon as possible.
    • Later: Review logging configurations to ensure they align with security best practices.

Please note that exploitation of this vulnerability has not been publicly reported, but the absence of workarounds necessitates prompt action.