Cisco has disclosed a zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, that is being actively exploited. The flaw affects key Unified Communications products and lets an unauthenticated attacker execute arbitrary commands on the underlying operating system, with the potential to gain root access.
This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Affected Products:
This vulnerability impacts these Cisco products regardless of configuration:
| Product | Bug ID |
|---|---|
| Unified CM | CSCwr21851 |
| Unified CM SME | CSCwr21851 |
| Unified CM IM&P | CSCwr29216 |
| Unity Connection | CSCwr29208 |
| Webex Calling Dedicated Instance | CSCwr21851 |
Products like Contact Center SIP Proxy, Unified CCE, and others are confirmed unaffected. Check the advisory for full details.
Fixed Releases and Patches:
Cisco has released software updates and patch files. Migrate to a fixed release or apply the version-specific patch, and consult the README that accompanies each patch.
Unified CM, IM&P, SME, Webex Calling
| Release | First Fixed Release |
|---|---|
| 12.5 | Migrate to fixed release |
| 14 | 14SU5 or 14SU4a patch |
| 15 | 15SU4 (Mar 2026) or 15SU2/3 patches |
Unity Connection
| Release | First Fixed Release |
|---|---|
| 12.5 | Migrate to fixed release |
| 14 | 14SU5 or 14SU4 patch |
| 15 | 15SU4 (Mar 2026) or 15SU3 patch |
Cisco PSIRT validates only the releases listed above.
Exploitation in the Wild:
Cisco PSIRT found active exploits affecting unpatched systems. Attackers probably use automated tools to search for exposed interfaces. Companies with vulnerable VoIP/UC systems are at considerable risk, particularly in hybrid work settings.
Apply patches right away. Restrict access to the web-based management interface to trusted IP addresses using firewalls. Monitor logs for unusual HTTP requests. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
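One way to carry out the trusted-IP and log-review checks recommended above, as an added example that is not from Cisco's advisory or the original article. It assumes the management interface's web access log is in Common Log Format; the trusted networks, sample lines and request paths are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the only networks allowed to reach the management interface.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.16/28")]

# Constructed sample lines (Common Log Format); paths are placeholders.
SAMPLE_LOG = """\
10.20.0.15 - admin [21/Jan/2026:09:12:01 +0000] "GET /placeholder/login HTTP/1.1" 200 5120
203.0.113.77 - - [21/Jan/2026:09:14:33 +0000] "POST /placeholder/a HTTP/1.1" 400 312
203.0.113.77 - - [21/Jan/2026:09:14:34 +0000] "POST /placeholder/b HTTP/1.1" 500 0
192.0.2.20 - ops [21/Jan/2026:09:20:10 +0000] "GET /placeholder/status HTTP/1.1" 200 880
198.51.100.9 - - [21/Jan/2026:09:31:45 +0000] "GET /placeholder/login HTTP/1.1" 200 5120
this line is truncated or malformed
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or garbage in the source field: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def audit(log_text):
    """Return (requests from untrusted sources, per-source counts, unparsed lines)."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        if not is_trusted(m["src"]):
            findings.append((m["src"], m["ts"], m["method"], m["path"], int(m["status"])))
    counts = Counter(f[0] for f in findings)
    return findings, counts, unparsed

if __name__ == "__main__":
    findings, counts, unparsed = audit(SAMPLE_LOG)
    for f in findings:
        print("UNTRUSTED SOURCE:", *f)
    for src, n in counts.most_common():
        print(f"{src}: {n} request(s)")
    print(f"{len(unparsed)} unparsed line(s) need manual review")
```

Any finding means the firewall restriction is missing or bypassed for that source, so each hit is both a log-review lead and a control gap to close.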
