Cisco on Wednesday introduced patches for one more zero-day vulnerability focused by menace actors.
The flaw, tracked as CVE-2026-20045 and labeled as essential, impacts a number of of Cisco’s unified communications merchandise, together with Cisco Unified Communications Supervisor (CM) and its Session Administration Version (SME), Unified CM IM & Presence Service, Unity Connection, and Webex Calling Devoted Occasion.
In line with Cisco, a distant, unauthenticated attacker can exploit CVE-2026-20045 to execute malicious instructions on the underlying OS of the system.
The zero-day, reported to the seller by unnamed exterior researchers, might be exploited by sending specifically crafted HTTP requests to the focused occasion’s web-based administration interface.
“A profitable exploit may permit the attacker to acquire user-level entry to the underlying working system after which elevate privileges to root,” Cisco defined.
There doesn’t seem like any public info on the assaults concentrating on CVE-2026-20045. Cisco famous in its advisory that it’s “conscious of tried exploitation of this vulnerability within the wild”.Commercial. Scroll to proceed studying.
The cybersecurity-focused web search engine Hunter is at present displaying roughly 1,300 internet-exposed situations of Cisco Unified CM, almost half in america.
The cybersecurity company CISA has added CVE-2026-20045 to its Identified Exploited Vulnerabilities (KEV) catalog, instructing federal businesses to deal with it by February 11.
CISA’s KEV catalog at present contains roughly 80 Cisco product vulnerabilities exploited within the wild over the previous decade. Eight Cisco flaws have been added to the company’s ‘should patch’ record previously 12 months.
One of the current is CVE-2025-20393, a Safe E mail Gateway challenge that has been exploited in assaults by a China-linked APT. It took the networking large a number of weeks to launch patches after the general public disclosure of the zero-day.
Associated: Hackers Goal Cisco Good Licensing Utility Vulnerabilities
Associated: Cisco Routers Hacked for Rootkit Deployment
Associated: Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Assaults
