Vulnerability | Bleeping Computer
10.0 CRITICAL

Cisco warns of critical Unified CM flaw with PoC exploit code

📅 4 June 2026 at 11:09 UTC | 📰 Bleeping Computer
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

A critical-severity vulnerability in Cisco Unified Communications Manager (Unified CM) allows attackers to gain root privileges through server-side request forgery attacks, impacting systems where the WebDialer service is enabled.

⚙️ Technical Details
CVEs
CVE-2026-20230, CVE-2026-20045, CVE-2024-20253
Affected Systems
Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME)
Attack Vectors
NETWORK, LOW
💥 Impact Assessment
Severity: Critical
Who Is at Risk
Administrators of affected systems with enabled WebDialer service
🛡️ Recommended Actions
1. Disable the WebDialer service until a patch is applied to block incoming CVE-2026-20230 attacks.
2. Apply security updates to Cisco Unified CM versions 14SU6 or 15SU5 (Sep 2026 or COP).
3. Monitor systems for signs of exploitation and implement additional security controls as needed.
📦 Affected Products
Cisco Unified Communications Manager, Cisco Unified Communications Manager Im And Presence Service, Cisco Unity Connection, Cisco Unified Contact Center Express, Cisco Virtualized Voice Browser, Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Webex Calling Dedicated Install
🔐 NVD Verified Data (VERIFIED)
CVE-2026-20230: CVSS 8.6 HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Weaknesses
CWE-918
CVE-2026-20045: CVSS 9.8 CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-94
Affected Products (CPE)
Cisco Unified Communications Manager, Cisco Unified Communications Manager Im And Presence Service, Cisco Unity Connection
CVE-2024-20253: CVSS 10 CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses
CWE-502
Affected Products (CPE)
Cisco Unified Communications Manager, Cisco Unified Communications Manager Im And Presence Service, Cisco Unified Contact Center Express, Cisco Unity Connection, Cisco Virtualized Voice Browser

This is a curated summary. The complete article is available at Bleeping Computer.
