Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability (CVE-2026-20230)
Security researchers identified a critical-severity vulnerability impacting Cisco Unified Communications Manager. Tracked as CVE-2026-20230, the vulnerability may allow an attacker to conduct server-side request forgery (SSRF) attacks through an affected device.
Cisco Unified Communications Manager (CUCM) is a call-processing and session-management platform that enables enterprises to manage voice, video, messaging, and other collaboration services across devices and locations. It is the central control system for Cisco’s unified communications solutions, facilitating communication and collaboration for hybrid workforces.
Vulnerability Details
The vulnerability stems from improper input validation of specific HTTP requests. An attacker could exploit the vulnerability by sending a crafted HTTP request to an affected device. Upon successful exploitation, an attacker may write files to the underlying operating system, which could later be used to elevate their privileges to root.
Affected Versions
- Cisco Unified CM and Unified CM SME Release from 14SU6 and before 14SU6
- Cisco Unified CM and Unified CM SME Release from 15SU5 and before 15SU5
NOTE: This vulnerability affects Cisco Unified CM and Unified CM SME if the WebDialer service is enabled.
To determine whether WebDialer is enabled, complete the following steps:
- Log in to the Cisco Unified CM Administration interface.
- Select Cisco Unified Serviceability from the Navigation menu and then click Go.
- Choose Control Center – Feature Services from the Tools menu.
- In the CTI Services section of the page, check whether the status of the Cisco WebDialer Web Service is Started or Not Running.
If the status is Started, WebDialer is enabled.
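The check above is performed in the Serviceability web interface. As an added example (not Cisco's or Qualys' own tooling), the following POSIX shell script performs the same determination on a saved service listing, so that the WebDialer status of many clusters can be reviewed in one place. It assumes that the same status is visible in the output of the CUCM OS CLI command `utils service list` and that each line of that output has the form `<service name>[<STATE>]`; both the command's output format and the sample listings embedded below are assumptions, not text from the advisory.

```shell
#!/bin/sh
# Added example, not Cisco's or Qualys' code. The advisory's procedure uses the
# Serviceability GUI; this script assumes the same status appears in the output
# of the CUCM OS CLI command `utils service list`, whose line format is assumed
# here to be "<service name>[<STATE>]", e.g. "Cisco WebDialer Web Service[STARTED]".

# Constructed sample listings standing in for what the CLI would return.
SAMPLE_STARTED='Cisco CallManager[STARTED]
Cisco CTIManager[STARTED]
Cisco WebDialer Web Service[STARTED]
Cisco IP Voice Media Streaming App[STOPPED]'

SAMPLE_STOPPED='Cisco CallManager[STARTED]
Cisco WebDialer Web Service[STOPPED]'

# webdialer_state: print the bracketed state of the Cisco WebDialer Web Service
# found in the listing passed as $1, or "UNKNOWN" when the service is absent.
webdialer_state() {
    state=$(printf '%s\n' "$1" \
        | grep '^Cisco WebDialer Web Service\[' \
        | sed 's/^.*\[\(.*\)\]$/\1/')
    if [ -z "$state" ]; then
        printf 'UNKNOWN\n'
    else
        printf '%s\n' "$state"
    fi
}

# webdialer_exposed: succeed (exit 0) when WebDialer is STARTED, which is the
# advisory's condition for the device being affected; fail (exit 1) otherwise.
webdialer_exposed() {
    [ "$(webdialer_state "$1")" = "STARTED" ]
}

# Stand-alone run over the constructed sample.
if webdialer_exposed "$SAMPLE_STARTED"; then
    echo "WebDialer is enabled: apply the fixed release or COP from the advisory"
else
    echo "WebDialer is not running: device not affected per the advisory"
fi
```

In practice the listing would be captured per node (for example over SSH to each server's OS CLI) and fed to `webdialer_state`; a node reporting `STARTED` should be prioritized for the fixed release or COP named in the Mitigation section, and a node reporting `UNKNOWN` should be checked in the GUI, since the service may simply be named differently on that release.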
Mitigation
- Cisco Unified CM and Unified CM SME Release 14SU6
- Cisco Unified CM and Unified CM SME Release 15SU5 (Sep 2026) or COP
Customers can refer to the Cisco Security Advisory (cisco-sa-cucm-ssrf-cXPnHcW) for information about patches released for the vulnerability.
Qualys Detection
Qualys customers can scan their devices with QID 317856 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.