Cisco warns of critical Unified CM flaw with PoC exploit code

By Sergiu Gatlan
Publication Date: 2026-06-04 11:09:00

Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges.

Cisco Unified CM (formerly known as Cisco CallManager) serves as the central control system for Cisco IP telephony systems, handling device management, call routing, and telephony features.

The vulnerability (tracked as CVE-2026-20230) can be exploited remotely by threat actors without privileges in low-complexity server-side request forgery (SSRF) attacks.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root,” Cisco said.

“Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result…