Attackers exploit Cisco Unified CM flaw weeks after patch release
Summary
A critical vulnerability (CVE-2026-20230) in Cisco Unified CM, with a CVSS base score of 8.6, is now under active exploitation. Threat intelligence firm Defused reported observing exploitation weeks after Cisco released patches for the flaw. The vulnerability allows an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) and gain root access if the WebDialer service is enabled.
IFF Assessment
The active exploitation of a critical, recently patched Cisco vulnerability that grants root access is a significant threat to defenders and requires immediate action.
Severity
The CVSS score of 8.6 is directly stated in the article. This critical vulnerability allows an unauthenticated, remote attacker to achieve root-level privilege escalation through SSRF, indicating high impact and exploitability.
Defender Context
Defenders must prioritize immediate patching of their Cisco Unified CM and Unified CM SME products, especially if the WebDialer service is enabled, as the vulnerability is under active exploitation. The ability for an unauthenticated remote attacker to gain root access underscores the severe risk and potential for complete system compromise. Organizations should also enhance monitoring for signs of compromise on affected systems and review their overall patching cadence for critical infrastructure components.