
CISA Warns of Actively Exploited Cisco Unified CM Zero-Day RCE Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability affecting Cisco Unified Communications Manager to its Known Exploited Vulnerabilities catalog.

Tracked as CVE-2026-20045, the flaw enables attackers to execute arbitrary code on affected systems and escalate privileges to root level, posing severe risks to enterprise communication infrastructure.

The vulnerability stems from improper input validation that permits code injection in multiple Cisco communications products.

Attackers can exploit this weakness to gain initial user-level access to the underlying operating system and then escalate privileges to administrative control, resulting in complete system compromise.

Affected Products

The code injection vulnerability impacts multiple Cisco Unified Communications products:

  • Cisco Unified Communications Manager (Unified CM)
  • Cisco Unified Communications Manager Session Management Edition (Unified CM SME)
  • Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P)
  • Cisco Unity Connection
  • Cisco Webex Calling Dedicated Instance

Organizations relying on any of these platforms for internal communications, voicemail, instant messaging, or cloud-based calling services should immediately assess their deployment status and implement mitigation measures.

The vulnerability is classified under CWE-94 (Code Injection), indicating that insufficient input validation allows attackers to inject and execute malicious code within the application context.

By exploiting this weakness, threat actors can bypass security controls and directly access system-level functionality without requiring legitimate credentials or authentication bypass techniques.

The precise attack vector has not been publicly disclosed to prevent widespread exploitation before patches become available.

However, CISA’s addition of the flaw to the Known Exploited Vulnerabilities list confirms that attackers are exploiting it in the wild.

Timeline and Action Required

CISA added CVE-2026-20045 to its KEV catalog on January 21, 2026, with a mandatory remediation deadline of February 11, 2026.

This 21-day window provides organizations with limited time to deploy patches or implement compensating controls before federal agencies are required to address the vulnerability under binding operational directives.
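To track that window against your own estate, the following added example (not from CISA, Cisco or the article's author) checks an asset inventory against a KEV entry and reports days remaining per unpatched host. The feed entry is constructed in the field layout of CISA's KEV JSON feed using the article's CVE, CWE and dates; the `product` string, hostnames and inventory format are assumptions.

```python
import json
from datetime import date

# Constructed entry in the field layout of CISA's KEV JSON feed; the CVE, CWE
# and dates are the article's, the "product" string is a placeholder.
KEV_FEED = json.loads("""
{"vulnerabilities": [{
  "cveID": "CVE-2026-20045", "vendorProject": "Cisco",
  "product": "PLACEHOLDER-product-string",
  "dateAdded": "2026-01-21", "dueDate": "2026-02-11",
  "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-94"]}]}
""")

# Affected products as listed in the article, keyed by CVE.
AFFECTED = {"CVE-2026-20045": {
    "unified cm", "unified cm sme", "unified cm im&p",
    "unity connection", "webex calling dedicated instance"}}

# Constructed asset inventory (hypothetical hostnames and schema).
INVENTORY = [
    {"host": "cucm-pub-01", "product": "Unified CM", "patched": False},
    {"host": "cuc-vm-01", "product": "Unity Connection", "patched": True},
    {"host": "imp-01", "product": "Unified CM IM&P", "patched": False},
    {"host": "mail-gw-01", "product": "Mail Gateway", "patched": False},
]

def kev_window(entry):
    """Days between KEV listing and the remediation due date."""
    added = date.fromisoformat(entry["dateAdded"])
    due = date.fromisoformat(entry["dueDate"])
    return (due - added).days

def triage(feed, inventory, today):
    """Return unpatched assets exposed to a KEV entry, most urgent first."""
    findings = []
    for entry in feed["vulnerabilities"]:
        products = AFFECTED.get(entry["cveID"], set())
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        for asset in inventory:
            if asset["product"].lower() in products and not asset["patched"]:
                findings.append({"host": asset["host"], "cve": entry["cveID"],
                                 "days_left": days_left,
                                 "status": "OVERDUE" if days_left < 0 else "OPEN"})
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))

if __name__ == "__main__":
    for finding in triage(KEV_FEED, INVENTORY, date(2026, 2, 4)):
        print(finding)
```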

Organizations should immediately implement one of three remediation approaches:

  • Apply Vendor Patches: Contact Cisco for available security updates addressing CVE-2026-20045 and deploy patches to all affected systems during maintenance windows.
  • Follow BOD 22-01 Guidance: For cloud-based deployments, implement mitigations specified in Binding Operational Directive 22-01, which addresses vulnerability management in cloud services and may include network segmentation or access controls.
  • Discontinue Usage: If patches remain unavailable for legacy deployments, organizations should consider discontinuing use of affected products and transitioning to alternative communications platforms.

At this time, this vulnerability has not been linked to ransomware campaigns, though its RCE and privilege escalation capabilities make it attractive for broader attack scenarios, including data theft, lateral movement, and persistence mechanisms.

The exploitation of CVE-2026-20045 represents a critical risk to enterprise communications infrastructure.

Organizations must prioritize patching efforts and implement immediate mitigation strategies to prevent unauthorized access to their unified communications environments. Failure to address this vulnerability by the February 11 deadline exposes systems to active exploitation.
