Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Cisco finally confirms attackers exploiting Unified CM flaw

0
Medium
Exploit
Published: 07/02/2026 (07/02/2026, 11:35:25 UTC)
Source: Bleeping Computer

Description

Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/02/2026, 11:52:16 UTC

Technical Analysis

CVE-2026-20230 is a server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager that allows unauthenticated remote attackers to send crafted HTTP requests to exploit the system. Cisco patched this vulnerability in early June 2026 with fixed releases 14SU6 and 15SU5. Initially, Cisco was aware of public proof-of-concept exploit code but had no evidence of active exploitation. However, by late June 2026, threat actors began actively exploiting the flaw, using file:// payloads to create files on affected devices. Cisco confirmed ongoing exploitation and strongly recommends upgrading to patched versions. For environments unable to patch immediately, Cisco advises disabling the WebDialer service to block attacks. Shadowserver reports over 200 exposed Unified CM instances online, primarily in Asia and North America. This vulnerability adds to a series of recent critical flaws in Unified CM actively exploited in the wild.

Potential Impact

The vulnerability enables unauthenticated remote attackers to perform SSRF attacks against Cisco Unified CM, potentially allowing them to create files on the targeted system. This could lead to unauthorized system manipulation or further compromise. Active exploitation has been confirmed, increasing the risk to organizations running vulnerable versions of Unified CM. The exposure of over 200 instances online increases the attack surface. The impact is significant given Unified CM's role in managing IP telephony and call routing infrastructure.

Mitigation Recommendations

Cisco has released official patches in Unified CM versions 14SU6 and 15SU5 (September 2026 or COP) that fully remediate CVE-2026-20230. Customers are strongly urged to upgrade to these fixed releases as soon as possible. For those unable to patch immediately, Cisco recommends disabling the vulnerable WebDialer service to block incoming exploitation attempts. Monitor vendor advisories for updates and apply patches promptly to prevent ongoing exploitation.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.bleepingcomputer.com/news/security/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/","fetched":true,"fetchedAt":"2026-07-02T11:52:00.685Z","wordCount":755}

Threat ID: 6a4650e027e9c79719d08c31

Added to database: 07/02/2026, 11:52:00 UTC

Last enriched: 07/02/2026, 11:52:16 UTC

Last updated: 07/03/2026, 01:20:14 UTC

Views: 21

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses