Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access

Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access

Posted on By CWS

Cisco has disclosed a vital zero-day distant code execution (RCE) vulnerability, CVE-2026-20045, actively exploited within the wild.

Affecting key Unified Communications merchandise, this flaw permits unauthenticated attackers to run arbitrary instructions on the underlying OS, doubtlessly gaining root entry.

The Cisco Product Safety Incident Response Group (PSIRT) confirmed exploitation makes an attempt and urged fast patching.

The problem stems from improper validation of user-supplied enter in HTTP requests to the web-based administration interface. An attacker sends crafted HTTP requests that bypass authentication, execute instructions on the consumer stage, after which escalate privileges to root. Cisco rated it Crucial by way of Safety Affect Ranking (SIR), overriding the CVSS rating as a result of root-level dangers.

No workarounds exist. Exploitation requires community entry to the administration interface, widespread in enterprise VoIP setups uncovered by way of firewalls or VPNs.

Affected Merchandise

This vulnerability impacts these Cisco merchandise no matter configuration:

ProductBug IDUnified CMCSCwr21851Unified CM SMECSCwr21851Unified CM IM&PCSCwr29216Unity ConnectionCSCwr29208Webex Calling Devoted InstanceCSCwr21851

Merchandise like Contact Heart SIP Proxy, Unified CCE, and others are confirmed unaffected. Examine the advisory for full particulars.

Fastened Releases and Patches

Cisco launched updates and patches. Migrate or apply version-specific fixes; seek the advice of patch READMEs.

Unified CM, IM&P, SME, Webex Calling

Unity Connection

PSIRT validates solely listed releases.

Exploitation within the Wild

Cisco PSIRT detected real-world exploits concentrating on unpatched techniques. Attackers doubtless leverage automated scanners for uncovered interfaces. Enterprises working susceptible VoIP/UC deployments face excessive threat, particularly in hybrid work environments.

Apply patches instantly. Limit administration interface to trusted IPs by way of firewalls. Monitor logs for anomalous HTTP requests. CISA added this to the Identified Exploited Vulnerabilities quickly.

An exterior researcher reported the flaw; Cisco credited them within the advisory. Keep vigilant: zero-day vulnerabilities like CVE-2026-20045 underscore UC platform dangers amid rising RCE traits.

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , , , ,

Related Posts

Over 644,000 Domains Exposed to Critical React Server Components Vulnerability Over 644,000 Domains Exposed to Critical React Server Components Vulnerability Cyber Security News
CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product Cyber Security News
Critical Salesforce Tableau Vulnerabilities Let Attackers Execute Code Remotely Critical Salesforce Tableau Vulnerabilities Let Attackers Execute Code Remotely Cyber Security News
Lucid PhaaS With 17,500 Phishing Domains Mimics 316 Brands From 74 Countries Lucid PhaaS With 17,500 Phishing Domains Mimics 316 Brands From 74 Countries Cyber Security News
Cybersecurity News Weekly Newsletter – Windows, Chrome, and Apple 0-days, Kali Linux 2025.4, and MITRE Top 25 Cybersecurity News Weekly Newsletter – Windows, Chrome, and Apple 0-days, Kali Linux 2025.4, and MITRE Top 25 Cyber Security News
Red Bull-Themed Phishing Attacks Steal Job Seekers Login Credentials Red Bull-Themed Phishing Attacks Steal Job Seekers Login Credentials Cyber Security News