CISA Warns of Actively Exploited Cisco Unified CM Zero-Day RCE Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability affecting Cisco Unified Communications Manager to its Known Exploited Vulnerabilities catalog.

Tracked as CVE-2026-20045, the flaw enables attackers to execute arbitrary code on affected systems and escalate privileges to root level, posing severe risks to enterprise communication infrastructure.

The vulnerability stems from improper input validation that permits code injection in multiple Cisco communications products.

Attackers can exploit this weakness to gain initial user-level access to the underlying operating system and then escalate privileges to administrative control, resulting in complete system compromise.

Affected Products

The code injection vulnerability impacts multiple Cisco Unified Communications products:

  • Cisco Unified Communications Manager (Unified CM)
  • Cisco Unified Communications Manager Session Management Edition (Unified CM SME)
  • Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P)
  • Cisco Unity Connection
  • Cisco Webex Calling Dedicated Instance

Organizations relying on any of these platforms for internal communications, voicemail, instant messaging, or cloud-based calling services should immediately assess their deployment status and implement mitigation measures.

The vulnerability is classified under CWE-94 (Code Injection), indicating that insufficient input validation allows attackers to inject and execute malicious code within the application context.

By exploiting this weakness, threat actors can bypass security controls and directly access system-level functionality without requiring legitimate credentials or authentication bypass techniques.

The precise attack vector has not been publicly disclosed to prevent widespread exploitation before patches become available.

However, CISA’s addition of the flaw to the Known Exploited Vulnerabilities list confirms that attackers are already exploiting it in the wild.

Timeline and Action Required

CISA added CVE-2026-20045 to its KEV catalog on January 21, 2026, with a mandatory remediation deadline of February 11, 2026.

This 21-day window provides organizations with limited time to deploy patches or implement compensating controls before federal agencies are required to address the vulnerability under binding operational directives.

Organizations should immediately implement one of three remediation approaches:

  • Apply Vendor Patches: Contact Cisco for available security updates addressing CVE-2026-20045 and deploy patches to all affected systems during maintenance windows.
  • Follow BOD 22-01 Guidance: For cloud-based deployments, implement mitigations specified in Binding Operational Directive 22-01, which addresses vulnerability management in cloud services and may include network segmentation or access controls.
  • Discontinue Usage: If patches remain unavailable for legacy deployments, organizations should consider discontinuing use of affected products and transitioning to alternative communications platforms.

At this time, this vulnerability has not been linked to ransomware campaigns, though its RCE and privilege escalation capabilities make it attractive for broader attack scenarios, including data theft, lateral movement, and persistence mechanisms.
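To track the deadline described above against a real estate, the following Python (an added example, not from the original article, CISA or Cisco) joins KEV-style records with the article's affected-product list and an asset inventory, then reports days remaining per CVE. The field names follow CISA's published KEV JSON feed; the feed sample, the second CVE entry, the product string in the feed and the hostnames are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample shaped like the KEV JSON feed. CVE ID, dates and CWE for the
# first entry come from the article; everything else is a placeholder.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-20045", "vendorProject": "Cisco",
     "product": "Unified Communications (constructed string)",
     "dateAdded": "2026-01-21", "dueDate": "2026-02-11",
     "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-94"]},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
     "product": "Example Product", "dateAdded": "2026-01-05",
     "dueDate": "2026-01-26", "knownRansomwareCampaignUse": "Known", "cwes": []},
]})

# Affected products exactly as listed in the article.
AFFECTED = {"CVE-2026-20045": [
    "Cisco Unified Communications Manager",
    "Cisco Unified Communications Manager Session Management Edition",
    "Cisco Unified Communications Manager IM & Presence Service",
    "Cisco Unity Connection",
    "Cisco Webex Calling Dedicated Instance",
]}

# Hypothetical asset inventory: (product name as recorded, hostname).
INVENTORY = [
    ("cisco unified  communications manager", "cucm-pub-01"),
    ("Cisco Unity Connection", "cuc-01"),
    ("Example Mail Gateway", "mx-01"),
]

def norm(name):
    """Case-fold and collapse whitespace so inventory spellings still match."""
    return " ".join(name.lower().split())

def kev_exposure(kev_json, affected, inventory, today):
    """Return one finding per KEV entry that hits the inventory, most urgent first."""
    findings = []
    for v in json.loads(kev_json)["vulnerabilities"]:
        products = {norm(p) for p in affected.get(v["cveID"], [])}
        hosts = sorted(h for prod, h in inventory if norm(prod) in products)
        if not hosts:
            continue  # listed in KEV, but nothing we run is affected
        added, due = (date.fromisoformat(v[k]) for k in ("dateAdded", "dueDate"))
        findings.append({"cve": v["cveID"], "hosts": hosts,
                         "window_days": (due - added).days,
                         "days_left": (due - today).days,
                         "overdue": today > due,
                         "ransomware": v["knownRansomwareCampaignUse"]})
    return sorted(findings, key=lambda f: f["days_left"])
```

A negative `days_left` with `overdue` set means the KEV due date has passed while affected hosts are still in the inventory.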

The exploitation of CVE-2026-20045 represents a critical risk to enterprise communications infrastructure.

Organizations must prioritize patching efforts and implement immediate mitigation strategies to prevent unauthorized access to their unified communications environments. Failure to address this vulnerability by the February 11 deadline exposes systems to active exploitation.

The post CISA Warns of Actively Exploited Cisco Unified CM Zero-Day RCE Vulnerability appeared first on Cyber Security News.
