{"id":15529,"date":"2026-01-22T12:17:15","date_gmt":"2026-01-22T12:17:15","guid":{"rendered":"https:\/\/newestek.com\/?p=15529"},"modified":"2026-01-22T12:17:15","modified_gmt":"2026-01-22T12:17:15","slug":"actively-exploited-cisco-uc-bug-requires-immediate-version-specific-patching","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15529","title":{"rendered":"Actively exploited Cisco UC bug requires immediate, version\u2011specific patching"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Cisco has released patches for a critical remote code execution vulnerability in its unified communications products that attackers are actively exploiting. The US Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog, confirming the exploitation.<\/p>\n

Cisco disclosed CVE-2026-20045<\/a> along with patches for Unified Communications Manager, Unity Connection, and Webex Calling Dedicated Instance. The company assigned the vulnerability a \u201cCritical\u201d severity rating despite its CVSS score of 8.2.<\/p>\n

\u201cCisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates,\u201d the company said in its advisory<\/a>. \u201cThe reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.\u201d<\/p>\n

CISA\u2019s addition of the vulnerability to its KEV catalog confirms attackers are exploiting it in the wild. \u201cThis type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,\u201d CISA said in its alert.<\/a><\/p>\n

This is the second actively exploited Cisco vulnerability CISA has added to its KEV catalog in recent weeks. Last week, the agency added CVE-2025-20393<\/a>, affecting Cisco\u2019s AsyncOS software.<\/p>\n

\u201cOther collaboration products, including Contact Center Enterprise, Emergency Responder, Finesse, Unified Intelligence Center, and Unified Contact Center Express, are not vulnerable to CVE-2026-20045,\u201d the advisory added.<\/p>\n

Root-level compromise with no user interaction<\/h2>\n

The vulnerability stems from improper validation of user-supplied input in HTTP requests. \u201cAn attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device,\u201d Cisco explained in the advisory. \u201cA successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.\u201d<\/p>\n

The attack requires no user interaction and can be carried out by unauthenticated remote attackers, making it particularly dangerous for internet-facing unified communications deployments, the advisory added.<\/p>\n

Cisco\u2019s Product Security Incident Response Team added that it is \u201caware of attempted exploitation of this vulnerability in the wild,\u201d underscoring the urgency of patching.<\/p>\n

No workarounds available<\/h2>\n

Cisco confirmed in the advisory that there are no workarounds or mitigations available for CVE-2026-20045. The company has released fixes specific to each product version.<\/p>\n

For Unified Communications Manager, IM&P, SME, and Webex Calling Dedicated Instance running version 14, the company suggested administrators can upgrade to version 14SU5 or apply a version-specific patch file. Organizations running version 15 can apply version-specific patches for 15SU2 and 15SU3a, with a full release of version 15SU4 expected in March 2026, the company added.<\/p>\n

Unity Connection administrators have similar options, with version-specific patch files available for releases 14SU4 and 15SU3.<\/p>\n

Organizations still running version 12.5 face a harder choice: Cisco won\u2019t release patches for this version and recommends migrating to a supported release.<\/p>\n

\u201cCustomers are advised to migrate to a supported release that includes the fix for this vulnerability,\u201d Cisco said in the advisory. Patches are version-specific, and administrators should consult the README files attached to each patch for deployment details, the advisory added.<\/p>\n

Federal agencies face a deadline<\/h2>\n

CISA\u2019s inclusion of CVE-2026-20045 in the KEV catalog triggers mandatory remediation timelines for Federal Civilian Executive Branch agencies under Binding Operational Directive 22-01. Federal agencies must patch the vulnerability within two weeks of its January 21 addition to the catalog.<\/p>\n

While BOD 22-01 applies specifically to federal agencies, CISA \u201cstrongly recommends\u201d that all organizations treat KEV-listed vulnerabilities as high-priority patching targets. The catalog tracks flaws with confirmed active exploitation, making them significantly more likely to be weaponized against a broader range of targets.<\/p>\n

How to patch<\/h2>\n

Cisco said organizations should check for signs of potential compromise on all internet-accessible instances after applying mitigations. The company advised administrators to review system logs and configurations for any unauthorized changes or suspicious activity that may indicate prior exploitation.<\/p>\n

For organizations unable to immediately upgrade to fixed releases, the company said version-specific patch files offer an interim remediation option. However, Cisco noted that patches must match the exact software version running on the device, and administrators should verify compatibility before deployment.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Cisco has released patches for a critical remote code execution vulnerability in its unified communications products that attackers are actively exploiting. The US Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog, confirming the exploitation. Cisco disclosed CVE-2026-20045 along with patches for Unified Communications Manager, Unity Connection, and Webex Calling Dedicated Instance. The company assigned the vulnerability a \u201cCritical\u201d… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15529","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15529"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15529\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}