Back

Cisco Unity Connection Vulnerabilities Enable Code Execution and SSRF Attacks

Severity: High (Score: 74.0)

Sources: Heise.De, Securityaffairs.Co, sec.cloudapps.cisco.com, cve.mitre.org, Hkcert

Summary

Cisco has released security advisories addressing multiple high-severity vulnerabilities in its Unity Connection product. The most critical flaws allow authenticated attackers to inject and execute malicious code through manipulated API requests, while unauthenticated actors can perform Server-Side Request Forgery (SSRF) attacks. Additionally, vulnerabilities in Cisco's Managed Switches and IoT Field Network Director could lead to Denial-of-Service attacks. Cisco has issued patches for these vulnerabilities, with CVE-2026-20034 and CVE-2026-20035 being particularly noteworthy. The flaws affect various enterprise products, posing significant risks to organizations using these systems. Administrators are advised to apply the patches promptly to mitigate potential exploits. Key Points: • Cisco identified critical vulnerabilities in Unity Connection allowing code execution and SSRF. • Patches have been released for CVE-2026-20034 and CVE-2026-20035 to address these issues. • Affected products include Unity Connection, Managed Switches, and IoT Field Network Director.

Key Entities

  • DDoS (attack_type)
  • Denial-of-Service (attack_type)
  • Zero-day Exploit (attack_type)
  • Cwe-918 - Server-Side Request Forgery (ssrf) (cwe)
  • CWE-94 - Code Injection (cwe)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • Cisco Unity Connection (platform)
  • Cisco Unity Connection Web Inbox (platform)
  • Identity Services Engine (platform)
  • IoT Field Network Director (platform)
  • Sg350 (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed