TL;DR 📌

A medium-severity information disclosure vulnerability has been identified in Cisco TelePresence Collaboration Endpoint and RoomOS Software. An authenticated attacker could exploit this vulnerability to view sensitive information in clear text. Cisco has released fixed software, and there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software allows an authenticated, remote attacker to view sensitive information in clear text on affected systems. This issue arises when SIP media component logging is enabled, which can lead to the exposure of unencrypted credentials stored in audit logs. An attacker with valid administrative credentials could exploit this vulnerability to access confidential information, potentially including personally identifiable information (PII).