Cisco has issued an urgent security alert after identifying a previously unknown remote code execution flaw being exploited against its Unified Communications platforms. The vulnerability, tracked as CVE-2026-20045, enables attackers to compromise systems without authentication and ultimately obtain root-level control.
Ciscoโs security response team has confirmed real-world attacks and advises customers to take immediate action.
How the Attack Works
The issue originates in the web-based management interface, where HTTP request input is not properly validated.
Attackers can exploit this weakness by:
- Sending crafted HTTP requests to the management endpoint
- Bypassing authentication controls
- Executing commands on the operating system
- Escalating privileges to full root access
Because the flaw allows complete system takeover, Cisco classified it as Critical, prioritizing impact over traditional scoring metrics.
Impacted Cisco Products
Cisco confirmed the following products are affected, independent of configuration:
| Product | Tracking ID |
|---|---|
| Unified Communications Manager | CSCwr21851 |
| Unified CM SME | CSCwr21851 |
| Unified CM IM & Presence | CSCwr29216 |
| Unity Connection | CSCwr29208 |
| Webex Calling (Dedicated Instance) | CSCwr21851 |
Other Cisco UC components, including Contact Center-related platforms, are confirmed not vulnerable.
Software Updates and Fix Availability
Cisco has released fixes for supported versions. Only the releases listed below are validated by Cisco PSIRT.
Unified CM, IM&P, SME, Webex Calling
| Version Stream | Fixed Release |
|---|---|
| 12.5 | Upgrade required |
| 14 | 14SU5 or patched 14SU4 |
| 15 | 15SU4 (March 2026) or interim patches |
Unity Connection
| Version Stream | Fixed Release |
|---|---|
| 12.5 | Upgrade required |
| 14 | 14SU5 or patched 14SU4 |
| 15 | 15SU4 (March 2026) or 15SU3 |
Cisco has observed attackers targeting unpatched deployments, likely using automated discovery techniques to locate exposed management interfaces. Environments supporting enterprise voice and collaboration services are particularly attractive targets.
The vulnerability has also been added to CISAโs Known Exploited Vulnerabilities catalog, increasing compliance pressure for affected organizations.
What Cisco Recommends
Organizations should take the following steps immediately:
- Apply Cisco security updates or upgrade to fixed releases
- Restrict access to management interfaces using network controls
- Monitor HTTP activity for abnormal request patterns
- Investigate systems for indicators of compromise
Leave A Comment