Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access.
The Cisco Product Security Incident Response Team (PSIRT) confirmed exploitation attempts and urged immediate patching.
The issue stems from improper validation of user-supplied input in HTTP requests to the web-based management interface. An attacker sends crafted HTTP requests that bypass authentication, execute commands at the user level, and then escalate privileges to root. Cisco rated it Critical via Security Impact Rating (SIR), overriding the CVSS score due to root-level risks.
No workarounds exist. Exploitation requires network access to the management interface, common in enterprise VoIP setups exposed via firewalls or VPNs.
This vulnerability impacts these Cisco products regardless of configuration:
| Product | Bug ID |
|---|---|
| Unified CM | CSCwr21851 |
| Unified CM SME | CSCwr21851 |
| Unified CM IM&P | CSCwr29216 |
| Unity Connection | CSCwr29208 |
| Webex Calling Dedicated Instance | CSCwr21851 |
Products like Contact Center SIP Proxy, Unified CCE, and others are confirmed unaffected. Check the advisory for full details.
Cisco released updates and patches. Migrate or apply version-specific fixes; consult patch READMEs.
| Release | First Fixed Release |
|---|---|
| 12.5 | Migrate to fixed release |
| 14 | 14SU5 or 14SU4a patch |
| 15 | 15SU4 (Mar 2026) or 15SU2/3 patches |
| Release | First Fixed Release |
|---|---|
| 12.5 | Migrate to fixed release |
| 14 | 14SU5 or 14SU4 patch |
| 15 | 15SU4 (Mar 2026) or 15SU3 patch |
PSIRT validates only listed releases.
Cisco PSIRT detected real-world exploits targeting unpatched systems. Attackers likely leverage automated scanners for exposed interfaces. Enterprises running vulnerable VoIP/UC deployments face high risk, especially in hybrid work environments.
Apply patches immediately. Restrict management interface to trusted IPs via firewalls. Monitor logs for anomalous HTTP requests. CISA added this to the Known Exploited Vulnerabilities soon.
An external researcher reported the flaw; Cisco credited them in the advisory. Stay vigilant: zero-day vulnerabilities like CVE-2026-20045 underscore UC platform risks amid rising RCE trends.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access appeared first on Cyber Security News.
PHILADELPHIA (AP) — Lawyers for student protesters detained in Pennsylvania for four days after a…
For what is believed to be the first time, the state plans to ask the…
Sarah Zuech teaches her four kids that charity begins at home. A person’s first responsibility,…
The Rockford School Board voted unanimously to approve new teacher contracts Wednesday night. This comes…
Cisco has disclosed a critical zero-day vulnerability in its Catalyst SD-WAN products that threat actors…
A hacker exploited Anthropic’s Claude AI chatbot over a month-long campaign starting in December 2025,…
This website uses cookies.