Cisco has patched a high-severity flaw in Unified Communications Manager and Unified Communications Manager Session Management Edition, warning that proof-of-concept code is already available. The issue, tracked as CVE-2026-20230, could let attackers perform SSRF attacks and potentially gain root privileges on affected systems, while separate fixes were also issued for Webex Meetings and Finesse.
Key points
- Cisco patched CVE-2026-20230 in Unified CM and Unified CM SME.
- The flaw can enable server-side request forgery through crafted HTTP requests.
- Successful exploitation could allow file writes and eventual root access.
- Only devices with the WebDialer service enabled are affected.
- Cisco also fixed two medium-severity bugs in Webex Meetings and Finesse.
Read More: https://www.securityweek.com/cisco-warns-of-available-poc-for-critical-unified-cm-vulnerability/