CVE-2026-20230: Server-Side Request Forgery (SSRF) in Cisco Cisco Unified Communications Manager
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
AI Analysis
Technical Summary
This vulnerability arises from improper input validation of specific HTTP requests in Cisco Unified Communications Manager and Unified CM SME. An attacker can exploit this by sending specially crafted HTTP requests to the device when the WebDialer service is enabled. The SSRF flaw enables writing files to the operating system, which can be leveraged to escalate privileges to root. The vulnerability is unauthenticated and remote, increasing its risk if the WebDialer service is active. Cisco notes the critical impact due to the possibility of root privilege escalation, although the CVSS score rates it as high severity.
Potential Impact
An unauthenticated remote attacker can exploit this SSRF vulnerability to write files on the underlying operating system of affected Cisco Unified Communications Manager devices, potentially escalating privileges to root. This could lead to full system compromise. However, exploitation requires the WebDialer service to be enabled, which is disabled by default, limiting exposure. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Cisco advisory for current remediation guidance. Since the WebDialer service must be enabled for exploitation and it is disabled by default, ensure that WebDialer remains disabled if not required. Monitor Cisco's official advisories for patches or updates addressing this vulnerability.
CVE-2026-20230: Server-Side Request Forgery (SSRF) in Cisco Cisco Unified Communications Manager
Description
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
CVSS v3.1
Score 8.6high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from improper input validation of specific HTTP requests in Cisco Unified Communications Manager and Unified CM SME. An attacker can exploit this by sending specially crafted HTTP requests to the device when the WebDialer service is enabled. The SSRF flaw enables writing files to the operating system, which can be leveraged to escalate privileges to root. The vulnerability is unauthenticated and remote, increasing its risk if the WebDialer service is active. Cisco notes the critical impact due to the possibility of root privilege escalation, although the CVSS score rates it as high severity.
Potential Impact
An unauthenticated remote attacker can exploit this SSRF vulnerability to write files on the underlying operating system of affected Cisco Unified Communications Manager devices, potentially escalating privileges to root. This could lead to full system compromise. However, exploitation requires the WebDialer service to be enabled, which is disabled by default, limiting exposure. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Cisco advisory for current remediation guidance. Since the WebDialer service must be enabled for exploitation and it is disabled by default, ensure that WebDialer remains disabled if not required. Monitor Cisco's official advisories for patches or updates addressing this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- cisco
- Date Reserved
- 2025-10-08T11:59:15.399Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a206578e29bf47b50d40f9d
Added to database: 6/3/2026, 5:33:44 PM
Last enriched: 6/3/2026, 5:48:31 PM
Last updated: 6/4/2026, 4:59:42 AM
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.