Cisco finally confirms attackers exploiting Unified CM flaw
Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]
Stay informed on Cisco security updates, threats, and solutions. Get the latest news and expert insights on Cisco information security developments.
Search across headline titles and summaries.
Background for this topic.
Cisco produces networking devices and software that manage data flow in enterprise and service provider networks, including routers, switches, and firewalls. These components are often central points controlling network traffic and access, making their integrity critical for secure communications and network stability.
Security risks with Cisco equipment commonly arise from firmware vulnerabilities, exposed management interfaces, and configuration errors that attackers can exploit to gain unauthorized access or disrupt services. Timely application of security patches and strict access controls on device management interfaces are essential to reduce exposure. Monitoring network devices for unusual activity also helps detect potential compromises early in environments relying on Cisco infrastructure.
Weekly headline count for the current query.
Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME)
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root
Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side […]
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]