← All stories
● Covered by 2 sources Β· 2 reportsMedium impact

Cisco Acknowledges Exploitation of Unified CM Vulnerability CVE-2026-20230

Aggregated by BrevFeed security Β· updated 4h ago
πŸ”– Save

Cisco has confirmed active exploitation of a critical vulnerability (CVE-2026-20230) in its Unified Communications Manager (Unified CM). This flaw, found in systems with the WebDialer service enabled, allows attackers to execute server-side request forgery attacks and potentially gain root access. Cisco urges users to upgrade to patched versions immediately.

Key points

Unified CM Vulnerability Exploited

Cisco has confirmed that the CVE-2026-20230 vulnerability in its Unified Communications Manager (Unified CM) is currently being exploited. This vulnerability, which received a CVSS score of 8.6, allows for server-side request forgery (SSRF) attacks, enabling attackers to potentially gain root access to the system.

The issue is specific to systems where the WebDialer service is enabled. Fortunately, this feature is disabled by default, limiting the initial attack surface.

Patch History and Exploitation Details

Patches addressing this vulnerability were originally released in early June 2023 for Unified CM version 14SU6, with plans to include them in the upcoming 15SU5 release expected in September. Despite these updates, attackers have already started exploiting the flaw.

Exploitation details surfaced around late June, noting that attackers are constructing payloads using file:// schemes to manipulate target devices. This comes after proof-of-concept exploit codes became publicly available, raising concerns about the vulnerability's active exploitation.

Recommendations for Users

Cisco strongly recommends that users update their systems to the patched versions without delay to prevent potential security breaches. The company's advisories stress the urgency given the active exploitation occurring in the wild.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

How outlets covered it

Cisco acknowledged that attackers are exploiting a vulnerability (CVE-2026-20230) in its Unified Communications Manager software, which could allow remote, unauthorized access. Customers are urged to update their systems immediately to prevent attacks, following reports of active exploitation after a previously issued patch.

Cisco has confirmed that a critical vulnerability (CVE-2026-20230) in its Unified CM is being actively exploited, allowing attackers to potentially gain root access. The vulnerability affects only appliances with the WebDialer service enabled, which is off by default, prompting Cisco to recommend immediate upgrades to patched software.