SecurityWeek

Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week.

Cisco confirmed that a recently patched vulnerability in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) has been exploited in the wild.

Tracked as CVE-2026-20230 (CVSS score of 8.6), the security defect is described as the improper validation of specific HTTP requests, which could allow attackers to mount SSRF attacks.

Successful exploitation of the bug could lead to arbitrary files being dropped to the underlying operating system, which could then be used to gain root access.

Only appliances with the WebDialer service enabled are vulnerable, Cisco says. The service is disabled by default.

In early June, Cisco rolled out patches for the CVE in Unified CM and Unified CM SME version 14SU6 and announced that the fixes would also be included in version 15SU5, which is expected to arrive in September.

At the time, Cisco warned that proof-of-concept (PoC) code targeting the vulnerability existed, but said it was not aware of any in-the-wild exploitation.

On Wednesday, the company updated its advisory to warn customers that the security defect is being actively exploited in attacks.

“Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability,” the company said.

The warning comes a week after exploit intelligence firm Defused reported seeing exploitation “from a single source using an unvetted PoC” and after SSD Secure Disclosure, which was credited with finding the bug, published technical information and a PoC.

At the time, Cisco told SecurityWeek it was not aware of any malicious use of the security weakness.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
