Cisco has released security updates for CVE-2026-20230, a critical Unified CM flaw that can let remote attackers gain root privileges through a low-complexity SSRF attack. The issue affects systems with WebDialer enabled, and Cisco recommends upgrading to Unified CM 14SU6 or 15SU5 or disabling the WebDialer service until patching is complete.
Key points
- Cisco patched a critical Unified CM vulnerability tracked as CVE-2026-20230.
- The flaw can be exploited remotely without privileges using SSRF attacks.
- A successful attack could let an attacker write files and later elevate to root.
- Only systems with WebDialer enabled are affected; WebDialer is disabled by default.
- Cisco recommends upgrading or disabling Cisco WebDialer Web Service as a temporary defense.