Cisco finally confirms attackers exploiting Unified CM flaw

Attackers are now exploiting a critical vulnerability in Cisco’s Unified Communications Manager (Unified CM) software, despite patches being released just over a month ago. This development highlights the ongoing threat of cyberattacks on business communication systems and emphasizes the importance of prompt patching and security measures.

Unified CM is a central control system used by many organizations for their IP telephony needs, handling call routing, device management, and other key features. The vulnerability in question, CVE-2026-20230, can be exploited remotely through low-complexity server-side request forgery (SSRF) attacks, where attackers send a crafted HTTP request to the vulnerable system.

Cisco initially acknowledged the vulnerability on June 3, when it released patches to address the issue. However, the company stated at the time that there was no evidence of active exploitation. Despite this, threat intelligence firm Defused reported just over two weeks later that attackers had begun exploiting the flaw using specially constructed file:// payloads to create files on targeted devices.

This revelation prompted a proof-of-concept exploit and technical write-up from SSD Secure, further underscoring the severity of the issue. When contacted by BleepingComputer, Cisco confirmed that attackers are now actively exploiting CVE-2026-20230 and urged customers to secure their systems against ongoing exploitation.

To mitigate this risk, Cisco has recommended that customers upgrade to a fixed software release or, in the meantime, disable the vulnerable WebDialer service. This will block incoming attacks targeting the vulnerability until a patch can be applied. Notably, internet security watchdog Shadowserver is currently tracking over 200 exposed Cisco Unified CM instances worldwide.

This incident serves as a reminder of the importance of regular patching and security measures in preventing cyberattacks on business systems. As we’ve seen with other recent vulnerabilities, including those patched by Cisco earlier this year, failure to act promptly can have serious consequences for organizations.

In light of this development, it’s essential that administrators and security teams take proactive steps to safeguard their Unified CM installations. Regularly reviewing system configurations, applying patches in a timely manner, and implementing robust security measures will help prevent attackers from exploiting this vulnerability. By taking these precautions, organizations can minimize the risk of a successful attack and protect their critical business systems.


Source: Bleeping Computer — 2026-07-02