7 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2026-20230 is a server-side request forgery (SSRF) vulnerability affecting Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME).
The vulnerability allows an attacker to abuse WebDialer functionality to perform unauthorized server-side requests. Successful exploitation may enable the creation of arbitrary files on the underlying operating system.
These files could subsequently be leveraged to elevate privileges to root, resulting in full system compromise, unauthorized administrative access, and disruption of communications infrastructure.
Cisco has indicated that proof-of-concept exploit code is available.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Server-Side Request Forgery Vulnerability in Cisco Unified Communications Manager
Identifier: CVE-2026-20230
PoC or Exploitation: Cisco indicated that proof-of-concept exploit code is available for CVE-2026-20230.
CVSS Score: 8.6 (High, CVSS v3.1)
Update / Patch:
Cisco has released security updates and remediation guidance for affected deployments.
Affected versions include:
- Cisco Unified Communications Manager Release 14 versions prior to 14SU6
- Cisco Unified Communications Manager Release 15 versions prior to 15SU5
- Cisco Unified Communications Manager Session Management Edition Release 14 versions prior to 14SU6
- Cisco Unified Communications Manager Session Management Edition Release 15 versions prior to 15SU5
Fixed versions include:
- Cisco Unified Communications Manager Release 14SU6
- Cisco Unified Communications Manager Release 15SU5 when available
- Cisco Unified Communications Manager Session Management Edition Release 14SU6
- Cisco Unified Communications Manager Session Management Edition Release 15SU5 when available
For Release 15 deployments awaiting 15SU5 availability, Cisco has provided a COP file as a temporary remediation measure.
Official Cisco advisory
Description:
CVE-2026-20230 is a server-side request forgery (SSRF) vulnerability affecting Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME).
A successful exploitation may enable an attacker to write arbitrary files to the underlying operating system. These files could subsequently be leveraged to elevate privileges to root, resulting in full system compromise.
Mitigation Recommendation:
Immediately identify Cisco Unified CM and Unified CM SME deployments with WebDialer enabled.
Upgrade affected systems to Cisco Unified CM and Unified CM SME Release 14SU6 or later.
Apply Cisco-provided COP files where applicable until fixed releases can be deployed.
Review system logs and administrative activity for indicators of SSRF attempts, unexpected file creation, or unauthorized configuration changes.
Restrict access to management interfaces and services where operationally feasible.
