Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access.
The Cisco Product Security Incident Response Team (PSIRT) confirmed exploitation attempts and urged immediate patching.
The issue stems from improper validation of user-supplied input in HTTP requests to the web-based management interface. An attacker sends crafted HTTP requests that bypass authentication, execute commands at the user level, and then escalate privileges to root. Cisco rated it Critical via Security Impact Rating (SIR), overriding the CVSS score due to root-level risks.
No workarounds exist. Exploitation requires network access to the management interface, common in enterprise VoIP setups exposed via firewalls or VPNs.
This vulnerability impacts these Cisco products regardless of configuration:
| Product | Bug ID |
|---|---|
| Unified CM | CSCwr21851 |
| Unified CM SME | CSCwr21851 |
| Unified CM IM&P | CSCwr29216 |
| Unity Connection | CSCwr29208 |
| Webex Calling Dedicated Instance | CSCwr21851 |
Products like Contact Center SIP Proxy, Unified CCE, and others are confirmed unaffected. Check the advisory for full details.
Cisco released updates and patches. Migrate or apply version-specific fixes; consult patch READMEs.
| Release | First Fixed Release |
|---|---|
| 12.5 | Migrate to fixed release |
| 14 | 14SU5 or 14SU4a patch |
| 15 | 15SU4 (Mar 2026) or 15SU2/3 patches |
| Release | First Fixed Release |
|---|---|
| 12.5 | Migrate to fixed release |
| 14 | 14SU5 or 14SU4 patch |
| 15 | 15SU4 (Mar 2026) or 15SU3 patch |
PSIRT validates only listed releases.
Cisco PSIRT detected real-world exploits targeting unpatched systems. Attackers likely leverage automated scanners for exposed interfaces. Enterprises running vulnerable VoIP/UC deployments face high risk, especially in hybrid work environments.
Apply patches immediately. Restrict management interface to trusted IPs via firewalls. Monitor logs for anomalous HTTP requests. CISA added this to the Known Exploited Vulnerabilities soon.
An external researcher reported the flaw; Cisco credited them in the advisory. Stay vigilant: zero-day vulnerabilities like CVE-2026-20045 underscore UC platform risks amid rising RCE trends.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access appeared first on Cyber Security News.
200 Years Ago School in Southampton! Elizabeth Strong will open a school in the chamber…
SPRINGFIELD — A former Hadley woman who unleashed bees on Hampden County sheriff’s office workers…
NORTHAMPTON — When Priscilla Ross founded the Florence Community Band in 2001, it was just…
AMHERST — At the perimeter of Hampshire College are several institutions that attract visitors from…
NORTHAMPTON — Northampton Animal Control is urging the public not to approach or attempt to…
AMHERST — Hampshire College President Jennifer Chrisler’s address to students and faculty Tuesday, following the…
This website uses cookies.