Oodaloop
Cisco Confirms Active Exploitation of Unified CM Vulnerability CVE-2026-20230
Cisco has confirmed that attackers are exploiting a vulnerability in its Unified Communications Manager (Unified CM), tracked as CVE-2026-20230, which was patched on June 3, 2026. This vulnerability allows for server-side request forgery (SSRF) attacks through improperly validated HTTP requests, potentially leading to arbitrary file creation on affected systems. The flaw primarily affects systems with the WebDialer service enabled, which is disabled by default. Threat intelligence firm Defused reported active exploitation on June 22, 2026, followed by a technical write-up from SSD Secure. Cisco has urged customers to upgrade to fixed software versions 14SU6 or 15SU5 and provided mitigation measures for those unable to patch immediately. Currently, over 200 Cisco Unified CM instances are exposed online, mainly in Asia and North America. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has classified this vulnerability as actively exploited in the wild.
Key Points:
• Cisco's Unified CM vulnerability CVE-2026-20230 is actively being exploited.
• Attackers can execute SSRF attacks leading to arbitrary file creation on vulnerable systems.
• Over 200 Cisco Unified CM instances are exposed online, prompting urgent patching.