Cisco Unified CM vulnerability exploited to deploy webshells

Summary
– CVE-2026-20230 is a server-side request forgery (SSRF) vulnerability in Cisco’s Unified Communications Manager (Unified CM).
– The vulnerability is being exploited to drop webshells on the underlying server.
– The attack achieves remote code execution capability on the affected system.
Threat actors are actively exploiting a server-side request forgery (SSRF) vulnerability in Cisco’s Unified Communications Manager (Unified CM), tracked as CVE-2026-20230, to deploy webshells and establish remote code execution capabilities on targeted servers. Security researchers report that honeypot sensors have detected ongoing attacks leveraging this flaw to gain persistent access to affected systems.
The vulnerability allows an unauthenticated attacker to send crafted requests to the vulnerable application, which the attacker can then use to probe internal networks or, more critically, execute arbitrary commands. Once a webshell is installed, the attacker maintains a foothold for further lateral movement or data exfiltration.
Cisco has released a security advisory urging administrators to apply the necessary patches immediately. The company emphasizes that successful exploitation could lead to full compromise of the Unified CM environment, which is a core component for voice and video communications in many enterprises. Organizations running affected versions of the software should prioritize patching and review their network segmentation to limit exposure.
(Source: Help Net Security)




