bleeping-computer · Crawled Jul 5, 2026

Cisco finally confirms attackers exploiting Unified CM flaw

Read original article ↗

AI Summary

Cisco has confirmed active exploitation of a critical vulnerability (CVE-2026-20230) in its Unified Communications Manager (Unified CM) software. The flaw allows unauthenticated attackers to perform server-side request forgery (SSRF) attacks via crafted HTTP requests. Cisco urges customers to apply patches immediately or disable the vulnerable WebDialer service as a mitigation. The vulnerability follows a trend of repeated security issues in Cisco Unified CM devices.

AI-extracted · verify before operational use

No entities or IoCs were extracted from this article.