Update! Attack attempts on security gaps in Cisco Unified Communications
Admins must act quickly. Cisco warns of attack attempts on a security vulnerability in Unified Communications products.
A security vulnerability in several Cisco Unified Communications products allows attackers to inject and execute malicious code over the network with root privileges, without authentication. Admins should promptly apply the available updates, as Cisco has already observed network-based attack attempts on the vulnerability.
Cisco reports this in a security advisory. The vulnerability results from insufficient validation of user-supplied data in HTTP requests. Malicious actors can exploit the vulnerability by sending a sequence of carefully crafted HTTP requests to the web-based management interface of a vulnerable appliance. “A successful attack allows attackers to gain user-level access to the operating system and then escalate privileges to 'root',” explains Cisco (CVE-2026-20045, CVSS 8.2, risk rated “critical” in deviation from the CVSS score).
Cisco further states that the company classifies the risk as “critical,” deviating from the CVSS risk level “high.” The security advisory cites as the reason that exploiting the vulnerability can lead to attackers escalating their privileges to “root.”
Attack attempts: Updates for affected products
Cisco has already observed attack attempts on the vulnerability. The affected products are Unified CM, Unified CM SME, Unified CM IM&P, Unity Connection, and Webex Calling Dedicated Instance. Software versions 15SU4 (announced for March 2026) and 14SU5 patch the security hole. Those still on version 12.5 must migrate to the newer releases.
On Wednesday, Cisco released three more security advisories that admins should address promptly.
- Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability, CVE-2026-20092, CVSS 6.0, risk “medium”
- Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability, CVE-2026-20080, CVSS 5.3, risk “medium”
- Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities, CVE-2026-20055 and CVE-2026-20109, CVSS 4.8, risk “medium”
Last week, IT managers running Cisco products already had to apply updates to patch security vulnerabilities. In Cisco's Secure Email Gateway and Secure Email and Web Manager, a vulnerability that could grant attackers root privileges and thus full control over instances had been exploited since December. Cisco released the security updates on Friday.
(dmk)