Cisco finally confirms attackers exploiting Unified CM flaw
ID: 2449246c-8c34-5afa-8187-1f0a55319be5
STIX ID: report--2449246c-8c34-5afa-8187-1f0a55319be5
Feed Name: Bleeping Computer
Cisco has confirmed active exploitation of CVE-2026-20230 in Unified Communications Manager (Unified CM). The SSRF vulnerability can be exploited remotely without privileges using crafted HTTP requests (including file:// payloads) to create files on targeted devices. Proof-of-concept exploit code was publicly available and security firms reported active abuse after patches were released in early June; Cisco recommends upgrading to fixed releases (14SU6 or 15SU5) or disabling the WebDialer service as a mitigation. Shadowserver is tracking over 200 exposed Unified CM instances online, primarily in Asia and North America.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
