Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

Cisco Warns of In-the-Wild Exploitation of Unified Communications Vulnerability

A critical vulnerability in Cisco’s Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) has been exploited in real-world attacks, according to a warning issued by the company. The flaw, tracked as CVE-2026-20230 with a CVSS score of 8.6, allows attackers to launch Server-Side Request Forgery (SSRF) attacks that can lead to arbitrary files being dropped to the underlying operating system.

Only appliances with the WebDialer service enabled are vulnerable, and Cisco says this service is disabled by default. However, the company’s warning highlights the importance of keeping software up-to-date, as a patch for the vulnerability was released in early June for Unified CM version 14SU6, and will also be included in version 15SU5 expected to arrive in September.

The exploitation of this vulnerability is particularly concerning because it can enable attackers to gain root access on affected systems. This level of access allows hackers to perform a wide range of malicious activities, including stealing sensitive data or using the compromised system as a pivot point for further attacks.

Cisco’s warning comes after exploit intelligence firm Defused reported seeing exploitation “from a single source using an unvetted PoC” and after SSD Secure Disclosure published technical information and a proof-of-concept (PoC) code targeting the vulnerability. At first, Cisco said it was not aware of any malicious use of the security weakness, but the company’s updated advisory now confirms that in-the-wild exploitation is occurring.

The rapid progression from patch release to exploitation highlights the importance of keeping software up-to-date and monitoring for signs of exploitation. This particular vulnerability has a high CVSS score, indicating its potential impact on affected systems. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability as soon as possible.

This incident is just one example of why it’s essential for organizations to prioritize timely patching and stay informed about emerging threats. As attackers continue to evolve their tactics, staying ahead requires vigilance and proactive measures to protect against known vulnerabilities before they can be exploited.


Source: SecurityWeek — 2026-07-02