Keypoints
- CVE-2026-20045 is a critical remote code execution vulnerability in several Cisco unified communications products.
- An unauthenticated attacker can exploit the flaw by sending specially crafted HTTP requests to the device management interface.
- A successful exploit could grant user-level OS access and allow privilege escalation to root.
- Hunter reports about 1,300 internet-exposed Cisco Unified CM instances, with nearly half located in the United States.
- CISA added the vulnerability to its Known Exploited Vulnerabilities catalog and directed federal agencies to patch by February 11.
Read More: https://www.securityweek.com/hackers-targeting-cisco-unified-cm-zero-day/