By Guru Baran
Publication Date: 2026-01-22 03:32:00
Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, actively exploited in the wild.
Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access.
The Cisco Product Security Incident Response Team (PSIRT) confirmed exploitation attempts and urged immediate patching.
The issue stems from improper validation of user-supplied input in HTTP requests to the web-based management interface. An attacker sends crafted HTTP requests that bypass authentication, execute commands at the user level, and then escalate privileges to root. Cisco rated it Critical under its Security Impact Rating (SIR), overriding the CVSS score because of the root-level risk.
No workarounds exist. Exploitation requires network access to the management interface, which is common in enterprise VoIP setups where that interface is exposed via firewalls or VPNs.