Hackers Targeting Cisco Unified CM Zero-Day 

Hackers Targeting Cisco Unified CM Zero-Day 

Posted on By CWS

Cisco on Wednesday introduced patches for one more zero-day vulnerability focused by menace actors.

The flaw, tracked as CVE-2026-20045 and labeled as essential, impacts a number of of Cisco’s unified communications merchandise, together with Cisco Unified Communications Supervisor (CM) and its Session Administration Version (SME), Unified CM IM & Presence Service, Unity Connection, and Webex Calling Devoted Occasion.

In line with Cisco, a distant, unauthenticated attacker can exploit CVE-2026-20045 to execute malicious instructions on the underlying OS of the system.

The zero-day, reported to the seller by unnamed exterior researchers, might be exploited by sending specifically crafted HTTP requests to the focused occasion’s web-based administration interface. 

“A profitable exploit may permit the attacker to acquire user-level entry to the underlying working system after which elevate privileges to root,” Cisco defined.

There doesn’t seem like any public info on the assaults concentrating on CVE-2026-20045. Cisco famous in its advisory that it’s “conscious of tried exploitation of this vulnerability within the wild”.Commercial. Scroll to proceed studying.

The cybersecurity-focused web search engine Hunter is at present displaying roughly 1,300 internet-exposed situations of Cisco Unified CM, almost half in america.

The cybersecurity company CISA has added CVE-2026-20045 to its Identified Exploited Vulnerabilities (KEV) catalog, instructing federal businesses to deal with it by February 11. 

CISA’s KEV catalog at present contains roughly 80 Cisco product vulnerabilities exploited within the wild over the previous decade. Eight Cisco flaws have been added to the company’s ‘should patch’ record previously 12 months. 

One of the current is CVE-2025-20393, a Safe E mail Gateway challenge that has been exploited in assaults by a China-linked APT. It took the networking large a number of weeks to launch patches after the general public disclosure of the zero-day.

Associated: Hackers Goal Cisco Good Licensing Utility Vulnerabilities

Associated: Cisco Routers Hacked for Rootkit Deployment

Associated: Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Assaults

Security Week News Tags:, , , ,

Related Posts

A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York Security Week News
Ivanti Patches Exploited EPMM Zero-Days Ivanti Patches Exploited EPMM Zero-Days Security Week News
SAP Zero-Day Targeted Since January, Many Sectors Impacted  SAP Zero-Day Targeted Since January, Many Sectors Impacted  Security Week News
Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk Security Week News
Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers Security Week News
Checkout.com Discloses Data Breach After Extortion Attempt Checkout.com Discloses Data Breach After Extortion Attempt Security Week News