Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    CISA: Microsoft SharePoint RCE flaw now actively exploited

    July 2, 2026

    you only have 6 days….

    July 2, 2026

    Cisco finally confirms attackers exploiting Unified CM flaw

    July 2, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Cisco finally confirms attackers exploiting Unified CM flaw
    News

    Cisco finally confirms attackers exploiting Unified CM flaw

    adminBy adminJuly 2, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Cisco

    Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June.

    Unified CM (formerly known as Cisco CallManager) is the central control system for Cisco IP telephony systems, handling call routing, device management, and telephony features.

    Threat actors without privileges can exploit the vulnerability (CVE-2026-20230) remotely in low-complexity server-side request forgery (SSRF) attacks by sending a crafted HTTP request.

    image

    Cisco said on June 3, when it released security patches to address this issue, that its Product Security Incident Response Team (PSIRT) was aware of publicly available proof-of-concept exploit code for CVE-2026-20230 but had no evidence of active exploitation.

    However, roughly three weeks later, on June 22, threat intelligence firm Defused revealed that attackers had begun exploiting the flaw using properly constructed file:// payloads to create files on targeted devices.

    CVE-2026-20230 exploitation
    CVE-2026-20230 exploitation (Defused)

    One day later, SSD Secure also published a technical write-up that included a proof-of-concept exploit and explained how the vulnerability works.

    BleepingComputer contacted Cisco at the time to ask whether they were also seeing the flaw actively exploited in attacks and whether they could share any IOCs with defenders, but we have yet to receive a response.

    The company finally confirmed this Wednesday that attackers are now exploiting CVE-2026-20230 and urged customers to secure their systems against ongoing exploitation.

    “The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory,” Cisco notes in an update to the original advisory.

    “In June 2026, the Cisco PSIRT became aware of active exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.”

    Cisco has also shared mitigation measures for admins and security teams who can’t immediately install Cisco Unified CM versions 14SU6 or 15SU5 (Sep 2026 or COP), advising them to disable the vulnerable WebDialer service until a patch is applied to block incoming CVE-2026-20230 attacks.

    Internet security watchdog Shadowserver is currently tracking over 200 Cisco Unified CM instances exposed online, most of them in Asia and North America, but there are no details regarding how many have been secured against ongoing CVE-2026-20230 attacks.

    Cisco Unified CM instances exposed online.png
    Cisco Unified CM instances exposed online (Shadowserver)

    ​In recent years, Cisco has also patched two Unified CM flaws (CVE-2024-20253 and CVE-2025-20309) that enabled threat actors to gain root privileges and another Unified CM flaw (CVE-2026-20045) that has been actively exploited as a zero-day to gain remote code execution.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) tagged 93 Cisco vulnerabilities as actively exploited in the wild since November 2021, six of which have been abused in ransomware attacks.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleClaude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
    Next Article you only have 6 days….
    admin
    • Website

    Related Posts

    News

    CISA: Microsoft SharePoint RCE flaw now actively exploited

    July 2, 2026
    News

    Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says

    July 2, 2026
    News

    Claude Fable relaunch disappoints users with nerfed performance

    July 2, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views

    Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

    March 23, 202632 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views

    Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

    March 23, 202632 Views
    Our Picks

    CISA: Microsoft SharePoint RCE flaw now actively exploited

    July 2, 2026

    you only have 6 days….

    July 2, 2026

    Cisco finally confirms attackers exploiting Unified CM flaw

    July 2, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.