Description
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device.

This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.

Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
Published: 2026-06-03
Score: 8.6 High
EPSS: 20.4% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A server-side request forgery flaw is present in Cisco Unified Communications Manager and Unified CM Session Management Edition. The vulnerability arises from inadequate validation of certain HTTP requests processed by the WebDialer service. An attacker who can reach the affected device can send a crafted request that causes the system to write files to the underlying operating system. The file write capability can subsequently be used to elevate privileges to root, thereby increasing the impact of the SSRF beyond simple data exfiltration. The weakness is identified as CWE-918.

Affected Systems

Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition deployments where the WebDialer service is enabled. WebDialer is disabled by default. No specific affected version information is available in the CVE data.

Risk and Exploitability

The CVSS score of 8.6 classifies the vulnerability as High. The EPSS score of 20% indicates a significant likelihood of exploitation. The vulnerability is not yet listed in the CISA KEV catalog. An unauthenticated, remote attacker can trigger the flaw by sending an HTTP request to the target device, provided the WebDialer service is running. Because the vulnerability permits writing files that may later be used to elevate privileges, the risk to confidentiality, integrity, and availability is severe.

Generated by OpenCVE AI on June 24, 2026 at 03:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure the WebDialer service is disabled on all Cisco Unified Communications Manager installations unless absolutely required. If the service must remain enabled, promptly apply any Cisco patch or update that addresses the SSRF issue.
  • Restrict network access to the CUCM appliance so that only trusted internal hosts can communicate with it, preventing external attackers from reaching the vulnerable service.
  • Configure firewalls or IPS/IDS rules to block or alert on suspicious outbound connections initiated by the CUCM device, mitigating potential use of the SSRF for data exfiltration or lateral movement.

Generated by OpenCVE AI on June 24, 2026 at 03:11 UTC.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Title SSRF Vulnerability Allowing File Write and Root Privilege Escalation in Cisco Unified Communications Manager

Tue, 23 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Title Server-Side Request Forgery allows privilege escalation via WebDialer in Cisco Unified Communications Manager

Tue, 23 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Server-Side Request Forgery allows privilege escalation via WebDialer in Cisco Unified Communications Manager

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Title Server-Side Request Forgery Enabling Root Privileges in Cisco Unified Communications Manager

Wed, 03 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Server-Side Request Forgery Enabling Root Privileges in Cisco Unified Communications Manager
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco cisco Unified Communications Manager
Vendors & Products Cisco
Cisco cisco Unified Communications Manager

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N'}

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-06-04T03:55:49.665Z

Reserved: 2025-10-08T11:59:15.399Z

Link: CVE-2026-20230

Vulnrichment

Updated: 2026-06-03T17:36:57.584Z

NVD

Status: Awaiting Analysis

Published: 2026-06-03T18:16:20.160

Modified: 2026-06-04T13:54:40.593

Link: CVE-2026-20230

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T03:15:04Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)