
Cisco warns of critical Unified CM flaw with PoC exploit code

Why This Matters

The critical vulnerability in Cisco Unified Communications Manager highlights the ongoing risks associated with networked telephony systems, emphasizing the importance of timely security updates and configuration management for organizations relying on Cisco's infrastructure. As attackers develop more sophisticated exploits, this incident underscores the need for proactive security measures to protect sensitive communications and prevent potential breaches.

Key Takeaways

Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges.

Cisco Unified CM (formerly known as Cisco CallManager) serves as the central control system for Cisco IP telephony systems, handling device management, call routing, and telephony features.

The vulnerability (tracked as CVE-2026-20230) can be exploited remotely by threat actors without privileges in low-complexity server-side request forgery (SSRF) attacks.

"An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root," Cisco said.

"Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root."

Cisco's Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of-concept exploit code for CVE-2026-20230, but has yet to find evidence of active exploitation or targeting.

Luckily, the vulnerability only impacts systems where the WebDialer service is enabled, and WebDialer is disabled by default.

To check whether WebDialer is enabled, log in to Cisco Unified CM Administration, go to "Cisco Unified Serviceability," click "Go," and check the service status in the Tools > CTI Services menu under "Control Center - Feature Services."

Although there are no workarounds for this vulnerability and Cisco strongly recommends upgrading to Unified CM version 14SU6 or 15SU5 (Sep 2026 or COP), administrators can also disable the WebDialer service until the patch is applied, which blocks incoming CVE-2026-20230 attacks.
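A small triage helper, added here as an example rather than taken from the article or from Cisco, that turns the two checks above (is WebDialer running, and is the node on a fixed release) into a single exposure verdict for a fleet spreadsheet. It assumes the WebDialer feature service is listed under the display name "Cisco WebDialer Web Service", that service status is pasted in as "Name [STATUS]" lines (a constructed layout; adjust the regex to what your node actually prints), and that versions are written in the "14SU6"/"15SU5" form the article uses. The fixed releases come from the article; any other train is treated as unpatched because the article says nothing about it.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Fixed releases named in the article, keyed by major train.
FIXED_RELEASES = {14: "14SU6", 15: "15SU5"}

# Display name of the WebDialer feature service; an assumption for this
# example, verify it against your own "Control Center - Feature Services" page.
WEBDIALER_SERVICE = "Cisco WebDialer Web Service"

_VER_RE = re.compile(r"^(\d+)SU(\d+)$")


def parse_su_version(version: str) -> tuple[int, int]:
    """Turn '14SU6' into (14, 6); reject anything not in that form."""
    m = _VER_RE.match(version.strip().upper())
    if not m:
        raise ValueError(f"unrecognised Unified CM version string: {version!r}")
    return int(m.group(1)), int(m.group(2))


def is_patched(version: str) -> bool:
    """True when the node is at or above the fixed SU for its major train."""
    major, su = parse_su_version(version)
    fixed = FIXED_RELEASES.get(major)
    if fixed is None:
        # Train not covered by the article: do not assume it is fixed.
        return False
    return su >= parse_su_version(fixed)[1]


def parse_service_status(listing: str) -> dict[str, str]:
    """Parse constructed 'Name [STATUS]' lines into {name: STATUS}."""
    status: dict[str, str] = {}
    for line in listing.splitlines():
        m = re.match(r"^\s*(.+?)\s*\[(\w+)\]\s*$", line)
        if m:
            status[m.group(1)] = m.group(2).upper()
    return status


@dataclass
class Exposure:
    webdialer_running: bool
    patched: bool

    @property
    def exposed(self) -> bool:
        # CVE-2026-20230 needs WebDialer enabled AND an unfixed release.
        return self.webdialer_running and not self.patched


def assess(listing: str, version: str) -> Exposure:
    services = parse_service_status(listing)
    running = services.get(WEBDIALER_SERVICE, "STOPPED") == "STARTED"
    return Exposure(webdialer_running=running, patched=is_patched(version))


# Constructed sample listing for demonstration; not real node output.
SAMPLE_LISTING = """\
Cisco CallManager [STARTED]
Cisco Tftp [STARTED]
Cisco WebDialer Web Service [STARTED]
Cisco IP Manager Assistant [STOPPED]
"""

if __name__ == "__main__":
    for ver in ("14SU5", "14SU6", "15SU5"):
        e = assess(SAMPLE_LISTING, ver)
        print(f"{ver}: webdialer={e.webdialer_running} "
              f"patched={e.patched} exposed={e.exposed}")
```

The verdict is deliberately conservative: a running WebDialer on an unknown or older train is reported as exposed, and only a node that is both on 14SU6/15SU5 or later, or has WebDialer stopped, is cleared.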

To disable WebDialer, go through the following steps:
