Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited for SSRF Attacks

A critical vulnerability in Cisco Unified Communications Manager (CVE-2026-20230) is being actively exploited, allowing remote attackers to execute server-side request forgery (SSRF) attacks. The flaw, linked to improper input validation in the WebDialer service, was first patched on June 3, 2026, but exploitation was reported by Defused on June 23, 2026. Attackers are using automated methods to drop webshells and potentially gain root access to affected systems. The vulnerability affects widely used Cisco Unified CM and Unified CM SME products, with a CVSS score of 8.6. No prior exploitation was recorded before this incident, and Cisco has not provided a workaround. Administrators are advised to disable the WebDialer service until a patch is applied. The situation is evolving, with ongoing monitoring required.

Key Points: • CVE-2026-20230 is a critical SSRF vulnerability in Cisco Unified CM actively exploited. • Attackers are using automated sweeps to drop webshells via the WebDialer service. • Cisco's advisory recommends disabling the WebDialer service as a temporary mitigation.