Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access - CyberSecurityNews

Home Cyber Security News Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain... Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, actively exploited in the wild. Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access. The Cisco Product Security Incident Response Team (PSIRT) confirmed exploitation attempts and urged immediate patching. The issue stems from improper validation of user-supplied input in HTTP requests to the web-based management interface. An attacker sends crafted HTTP requests that bypass authentication, execute commands at the user level, and then escalate privileges to root. Cisco rated it Critical via Security Impact Rating (SIR), overriding the CVSS score due to root-level risks. No workarounds exist. Exploitation requires network access to the management interface, common in enterprise VoIP setups exposed via firewalls or VPNs. Affected Products This vulnerability impacts these Cisco products regardless of configuration: Product Bug ID Unified CM CSCwr21851 Unified CM SME CSCwr21851 Unified CM IM&P CSCwr29216 Unity Connection CSCwr29208 Webex Calling Dedicated Instance CSCwr21851 Products like Contact Center SIP Proxy, Unified CCE, and others are confirmed unaffected. Check the advisory for full details. Fixed Releases and Patches Cisco released updates and patches. Migrate or apply version-specific fixes; consult patch READMEs. Unified CM, IM&P, SME, Webex Calling Release First Fixed Release 12.5 Migrate to fixed release 14 14SU5 or 14SU4a patch 15 15SU4 (Mar 2026) or 15SU2/3 patches Unity Connection Release First Fixed Release 12.5 Migrate to fixed release 14 14SU5 or 14SU4 patch 15 15SU4 (Mar 2026) or 15SU3 patch PSIRT validates only listed releases. Exploitation in the Wild Cisco PSIRT detected real-world exploits targeting unpatched systems. Attackers likely leverage automated scanners for exposed interfaces. Enterprises running vulnerable VoIP/UC deployments face high risk, especially in hybrid work environments. Apply patches immediately. Restrict management interface to trusted IPs via firewalls. Monitor logs for anomalous HTTP requests. CISA added this to the Known Exploited Vulnerabilities soon. An external researcher reported the flaw; Cisco credited them in the advisory. Stay vigilant: zero-day vulnerabilities like CVE-2026-20045 underscore UC platform risks amid rising RCE trends. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News Researchers Decrypt and Exploit Encrypted Palo Alto Cortex XDR BIOC Rules Cyber Security News New CondiBot Variant and ‘Monaco’ Cryptominer Expand Threats to Network Devices Cyber Security Stryker Confirms Destructive Wiper Attack – Tens of Thousands of Devices Wiped Top 10 Essential E-Signature Solutions for Cybersecurity in 2026 January 31, 2026 Top 10 Best Data Removal Services In 2026 January 29, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 Top 10 Best Data Security Companies in 2026 January 23, 2026 Top 15 Best Ethical Hacking Tools – 2026 January 15, 2026