Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

0
Medium
Exploit
Published: 07/02/2026 (07/02/2026, 10:48:43 UTC)
Source: SecurityWeek

Description

A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week. The post Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability appeared first on SecurityWeek .

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/02/2026, 10:51:33 UTC

Technical Analysis

The vulnerability CVE-2026-20230 affects Cisco Unified Communications Manager and Unified CM SME appliances with the WebDialer service enabled. It stems from improper validation of specific HTTP requests, which can be exploited via SSRF attacks to drop arbitrary files on the system. Successful exploitation may lead to root-level access. Cisco patched the vulnerability in Unified CM and SME version 14SU6 and plans to include fixes in 15SU5. Initially, Cisco was unaware of in-the-wild exploitation, but later confirmed active exploitation following reports from security researchers and exploit intelligence firms. The WebDialer service is disabled by default, limiting exposure to systems where it is enabled.

Potential Impact

Exploitation of this vulnerability allows attackers to perform SSRF attacks that can write arbitrary files to the underlying operating system, potentially leading to root access. This elevates the risk of full system compromise on affected appliances with the WebDialer service enabled. The vulnerability has a CVSS score of 8.6, indicating high severity. Active exploitation in the wild increases the urgency of remediation.

Mitigation Recommendations

Cisco has released official patches for Unified CM and Unified CM SME version 14SU6 and plans to include fixes in version 15SU5. Customers are strongly advised to upgrade to these fixed software releases to remediate the vulnerability. Since the WebDialer service is disabled by default, disabling it if not required can reduce exposure. Monitor Cisco advisories for updates and apply patches promptly. Patch status is confirmed as fixed in 14SU6 and upcoming 15SU5 releases.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.securityweek.com/cisco-confirms-in-the-wild-exploitation-of-unified-cm-vulnerability/","fetched":true,"fetchedAt":"2026-07-02T10:51:27.864Z","wordCount":950}

Threat ID: 6a4642b027e9c79719bacf38

Added to database: 07/02/2026, 10:51:28 UTC

Last enriched: 07/02/2026, 10:51:33 UTC

Last updated: 07/03/2026, 04:01:32 UTC

Views: 31

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses