Dial 'R' for Root: Inside the Cisco Unified CM Zero-Day
Vulnerability ID: CVE-2026-20045
CVSS Score: 8.2
Published: 2026-01-21
A critical zero-day vulnerability in the web-based management interface of Cisco Unified Communications products allows unauthenticated remote attackers to execute arbitrary commands. The flaw grants initial user-level access, which can be leveraged to escalate privileges to root, effectively handing over control of the organization's entire telephony infrastructure.
TL;DR
Cisco Unified Communications Manager (CUCM) and related products contain a critical RCE vulnerability (CVE-2026-20045). An unauthenticated attacker can send crafted HTTP requests to the management interface to execute system commands. While the initial CVSS is 8.2, Cisco rates this as Critical because it facilitates a direct path to root privileges. It is currently being actively exploited in the wild. Patch immediately.
⚠️ Exploit Status: ACTIVE
Technical Details
- CWE ID: CWE-94 (Code Injection)
- CVSS v3.1: 8.2 (High)
- Attack Vector: Network (Unauthenticated)
- Privilege Level: None -> Root
- Exploit Status: Active Exploitation (CISA KEV)
- Vendor Severity: Critical
Affected Systems
- Cisco Unified Communications Manager (12.5, 14, 15)
- Cisco Unified CM Session Management Edition
- Cisco Unified CM IM & Presence Service
- Cisco Unity Connection
- Cisco Webex Calling Dedicated Instance
- Cisco Unified Communications Manager: 12.5(1) < 12.5(1)SU10 (Fixed in: 12.5(1)SU10)
- Cisco Unified Communications Manager: 14 < 14SU5 (Fixed in: 14SU5)
- Cisco Unified Communications Manager: 15 < 15SU4 (Fixed in: 15SU4)
Exploit Details
- CISA KEV: Confirmed active exploitation in the wild.
Mitigation Strategies
- Network Segmentation: Restrict access to web management ports (443/8443) to trusted management VLANs only.
- Log Monitoring: Audit logs for suspicious shell metacharacters in HTTP URI parameters.
- Immediate Patching: Apply vendor-supplied updates as no configuration workarounds exist.
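A sketch of the log-monitoring item above, added here as an example and not taken from Cisco or from the original report: it percent-decodes query parameters, including double-encoded ones, and flags values containing shell metacharacters. The access-log layout, the `/example/admin/page` path, the parameter names and the sample lines are constructed assumptions, since the page does not name the affected endpoint or parameter.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed access-log layout (common/combined format); adjust to your log source.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
# Characters/sequences a shell would interpret. "&" only survives the split
# below when it arrived percent-encoded, so it is included; tune for noise.
SHELL_META_RE = re.compile(r'[;|&`\n\r]|\$[({]')

# Constructed sample lines; the path and parameter names are hypothetical.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Jan/2026:10:00:01 +0000] "GET /example/admin/page?lang=en&view=summary HTTP/1.1" 200 512
198.51.100.7 - - [21/Jan/2026:10:00:05 +0000] "GET /example/admin/page?host=10.0.0.5%3Bid HTTP/1.1" 200 87
198.51.100.7 - - [21/Jan/2026:10:00:09 +0000] "GET /example/admin/page?name=%2524%2528whoami%2529 HTTP/1.1" 500 0
"""

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(uri):
    """Return (name, decoded_value) for query parameters with shell metacharacters."""
    hits = []
    for pair in urlsplit(uri).query.split("&"):
        name, _, value = pair.partition("=")
        decoded = decode_fully(value)
        if SHELL_META_RE.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(log_text):
    """Return (line_number, source_ip, parameter, decoded_value) per finding."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if m:
            for name, value in suspicious_params(m["uri"]):
                findings.append((lineno, m["src"], name, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit is a triage lead, not proof of compromise: correlate the source address and timestamp with other host and network telemetry before drawing conclusions.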
Remediation Steps:
- Identify all Cisco Unified Communications assets in the environment.
- Download the appropriate SU (Service Update) from Cisco Software Central.
- For version 12.5(1), install SU10 or later.
- For version 14, install SU5 or later.
- For version 15, install SU4 or later.
- Reboot the cluster nodes sequentially to apply the fix.
References
Read the full report for CVE-2026-20045 on our website for more details including interactive diagrams and full exploit analysis.