Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

Summary

Cisco has confirmed that a vulnerability in its Unified Communications Manager (Unified CM) is being exploited in the wild. A proof-of-concept exploit has been publicly available since the vulnerability's disclosure, and the first exploitation attempts were observed last week.

IFF Assessment

FOE

The in-the-wild exploitation of a Cisco Unified CM vulnerability poses a direct threat to organizations using the affected software.

Severity

7.4 High (AI Estimated)

The CVSS score is estimated based on the critical nature of Unified CM in enterprise communication systems and the confirmation of active exploitation. Assuming a high attack vector (network-accessible) and significant impact (confidentiality, integrity, availability), a score in the high-severity range is appropriate.

Defender Context

Organizations relying on Cisco Unified Communications Manager should prioritize patching this vulnerability immediately. The existence of a public PoC and observed in-the-wild exploitation indicates a high risk of targeted attacks.

Read Full Story →