
Cisco Unified CM Vulnerability (CVE-2026-20230, CVSS 8.6) Actively Exploited for Root Privilege Escalation

10d ago · 1 min read · en · News

Summary

CVE-2026-20230 is a high-severity (CVSS 8.6) vulnerability in Cisco Unified CM involving improper HTTP input validation, enabling unauthenticated remote attackers to perform SSRF attacks and write files to the OS for privilege escalation to root. Active exploitation has been observed using an unvetted PoC with file:// payloads. The flaw requires the WebDialer service (disabled by default) to be enabled. Patches are available in versions 14SU6 and 15SU5; disabling WebDialer is recommended as a workaround.

Source

Cisco Unified CM Vulnerability (CVE-2026-20230, CVSS 8.6) Actively Exploited for Root Privilege Escalation (briefly.co, via Bluesky)

Key quotes

CVE-2026-20230 has a CVSS score of 8.6 and stems from improper input validation for specific HTTP requests.
Successful exploitation can let an unauthenticated remote attacker perform server-side request forgery through the affected device.
Active exploitation has been observed in attacks using an unvetted proof of concept with file:// payloads landing on decoys.
Exploitation requires the WebDialer service to be enabled, which is disabled by default.
The flaw is patched in Unified CM and Unified CM SME versions 14SU6 and 15SU5, and disabling WebDialer is recommended if patching is not immediately possible.
Snippet from the RSS feed
CVE-2026-20230 has a CVSS score of 8.6 and stems from improper input validation for specific HTTP requests. Successful exploitation can let an unauthenticated remote attacker perform server-side request forgery through the affected device. The resulting i
