
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) vulnerability that allows attackers to gain root privileges.
Cisco Unified CM (formerly known as Cisco CallManager) serves as the central control system for Cisco IP telephony deployments, handling device management, call routing, and telephony features.
The vulnerability (tracked as CVE-2026-20230) can be exploited remotely by unauthenticated threat actors in low-complexity server-side request forgery (SSRF) attacks.
“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root,” Cisco said.
“Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.”
Cisco’s Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of-concept exploit code for CVE-2026-20230, but has yet to find evidence of active exploitation or targeting.
Fortunately, the vulnerability only affects systems where the WebDialer service is enabled, and WebDialer is disabled by default.
To check whether WebDialer is enabled, log in to Cisco Unified CM Administration, go to “Cisco Unified Serviceability,” click “Go,” and check the service status in the Tools > CTI Services menu under “Control Center – Feature Services.”
While there are no workarounds that mitigate this vulnerability, and it is strongly recommended to install Cisco Unified CM versions 14SU6 or 15SU5 (Sep 2026 or COP), administrators can also disable the WebDialer service until a patch is applied to block any incoming CVE-2026-20230 attacks.
To disable WebDialer, go through the following steps:
- Log in to the Cisco Unified CM Administration interface.
- From the ‘Navigation’ menu, select ‘Cisco Unified Serviceability’ and click Go.
- From the ‘Tools’ menu, select ‘Service Activation.’
- In the ‘CTI Services’ section of the page, uncheck the ‘Cisco WebDialer Web Service’ checkbox, then click Save.
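Clicking through Serviceability on every node is fine for one cluster but does not scale to a fleet. The script below is an added example, not code from Cisco or from the advisory: it asks each Unified CM node for the status of the WebDialer service over the Serviceability Control Center Services SOAP API and lists the nodes where the service is Started, i.e. the ones in scope for CVE-2026-20230 and still in need of the Service Activation change above. The endpoint path, SOAP element names, SOAPAction value, the service name string and the status values “Started”, “Stopped” and “Not Activated” are assumptions to verify against your own Unified CM version; the hostnames and responses in `SAMPLE_RESPONSES` are constructed so the parser can be exercised offline.

```python
"""Find Cisco Unified CM nodes whose WebDialer service is running.

Added example (not Cisco's code). Assumed, and to be checked against your
Unified CM version: the Control Center Services SOAP endpoint and operation
names, the service name string, and the status strings. Remediation stays in
the Service Activation GUI steps; this only finds the nodes that need them.
"""
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET

# Service name as shown in Serviceability > Tools > Service Activation (assumed exact)
WEBDIALER = "Cisco WebDialer Web Service"
# Assumed path of the Control Center Services API on a Unified CM node
CCS_PATH = "/controlcenterservice2/services/ControlCenterServices"


def _local(tag: str) -> str:
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_service_status(xml_text: str) -> dict:
    """Map ServiceName -> ServiceStatus from a soapGetServiceStatus response.

    Namespace-agnostic on purpose: any element whose children include both
    ServiceName and ServiceStatus is treated as one service entry.
    """
    root = ET.fromstring(xml_text)
    statuses = {}
    for elem in root.iter():
        children = {_local(c.tag): (c.text or "").strip() for c in elem}
        if "ServiceName" in children and "ServiceStatus" in children:
            statuses[children["ServiceName"]] = children["ServiceStatus"]
    return statuses


def webdialer_state(xml_text: str) -> str:
    """WebDialer's status; a service missing from the list is treated as Not Activated."""
    return parse_service_status(xml_text).get(WEBDIALER, "Not Activated")


def exposed_nodes(responses: dict) -> list:
    """Hosts whose WebDialer service is Started (responses: host -> raw XML)."""
    return sorted(h for h, xml in responses.items() if webdialer_state(xml) == "Started")


def build_status_request(service_name: str = WEBDIALER) -> bytes:
    """SOAP envelope asking for one service's status (element names assumed)."""
    return (
        '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
        'xmlns:soap="http://schemas.cisco.com/ast/soap"><soapenv:Body>'
        "<soap:soapGetServiceStatus><soap:ServiceStatus>"
        f"<soap:item>{service_name}</soap:item>"
        "</soap:ServiceStatus></soap:soapGetServiceStatus></soapenv:Body></soapenv:Envelope>"
    ).encode()


def fetch_service_status(host: str, user: str, password: str, timeout: int = 15) -> str:
    """POST the status request to one node over HTTPS with basic auth; returns raw XML."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}:8443{CCS_PATH}",
        data=build_status_request(),
        headers={
            "Content-Type": "text/xml; charset=utf-8",
            "SOAPAction": '"soapGetServiceStatus"',  # assumed; adjust if the node rejects it
            "Authorization": f"Basic {token}",
        },
    )
    ctx = ssl.create_default_context()  # certificate validation stays on
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.read().decode()


def _sample(services) -> str:
    """Build a constructed soapGetServiceStatus response for offline testing."""
    items = "".join(
        f"<ns:item><ns:ServiceName>{n}</ns:ServiceName>"
        f"<ns:ServiceStatus>{s}</ns:ServiceStatus><ns:ReasonCode>-1</ns:ReasonCode></ns:item>"
        for n, s in services
    )
    return (
        '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body>'
        '<ns:soapGetServiceStatusResponse xmlns:ns="http://schemas.cisco.com/ast/soap">'
        f"<ns:soapGetServiceStatusReturn><ns:ReturnCode>0</ns:ReturnCode><ns:ServiceInfoList>{items}"
        "</ns:ServiceInfoList></ns:soapGetServiceStatusReturn></ns:soapGetServiceStatusResponse>"
        "</soapenv:Body></soapenv:Envelope>"
    )


# Constructed sample responses for three hypothetical nodes (not real captures)
SAMPLE_RESPONSES = {
    "ucm-pub.example.net": _sample([(WEBDIALER, "Started"), ("Cisco CTIManager", "Started")]),
    "ucm-sub1.example.net": _sample([(WEBDIALER, "Stopped"), ("Cisco CTIManager", "Started")]),
    "ucm-sub2.example.net": _sample([("Cisco CTIManager", "Started")]),
}

if __name__ == "__main__":
    # Offline run over the constructed samples; replace with
    # {host: fetch_service_status(host, user, pw) for host in nodes} for a live cluster.
    for host, xml in SAMPLE_RESPONSES.items():
        print(f"{host:24s} WebDialer: {webdialer_state(xml)}")
    print("Nodes needing the Service Activation change:", exposed_nodes(SAMPLE_RESPONSES))
```

A node that reports WebDialer as Stopped is still activated and will start the service again on the next restart, so it should also get the Service Activation change; the list from `exposed_nodes` is the minimum set to act on first, not the whole set.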
In January, Cisco fixed another severe Unified CM vulnerability (CVE-2026-20045) that had been actively exploited as a zero-day in remote code execution attacks.
Over the past several years, the company also removed a Unified CM backdoor account that allowed remote attackers to log in to unpatched devices with root privileges, and patched another flaw (CVE-2024-20253) that enabled threat actors to gain root access to vulnerable systems.
Over the past five years, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) tagged 91 Cisco vulnerabilities as actively exploited in the wild, six of which were used by various ransomware operations.




