Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

Cisco Warns of In-the-Wild Exploitation of Unified Communications Manager Vulnerability

A critical vulnerability in Cisco’s Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) has been confirmed as being exploited in real-world attacks. The flaw, tracked as CVE-2026-20230 with a CVSS score of 8.6, allows attackers to launch Server-Side Request Forgery (SSRF) attacks, potentially granting them arbitrary file access and root privileges.

Only appliances with the WebDialer service enabled are vulnerable, but that’s not much comfort for affected organizations. Although the service is disabled by default, it’s likely that many systems are still exposed. Cisco first patched the vulnerability in early June as part of its Unified CM 14SU6 release, and warned that proof-of-concept code was circulating. However, until now, the company had not confirmed any in-the-wild exploitation.

In a stark reversal, Cisco updated its advisory on Wednesday to warn customers that the vulnerability is being actively exploited by attackers. The warning comes hot on the heels of reports from exploit intelligence firm Defuse, which claimed to have seen exploitation “from a single source using an unvetted proof-of-concept”, and from SSD Secure Disclosure, which was credited with discovering the bug.

Cisco’s updated advisory strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability. With the company warning of active exploitation, it’s clear that prompt action is necessary to prevent potential damage. Organizations should review their Unified CM configurations and ensure they have applied the necessary patches to mitigate this risk.

The fact that this vulnerability was patched in June but is still being exploited today highlights the ongoing cat-and-mouse game between attackers and vendors. It also underscores the importance of staying vigilant and keeping software up to date, even after patches are released.

To protect against similar vulnerabilities, organizations should consider implementing robust security measures such as network segmentation, regular security audits, and employee education on safe computing practices. With the threat landscape constantly evolving, it’s essential for businesses to stay informed and proactive in their cybersecurity strategies.


Source: SecurityWeek — 2026-07-02