Description
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device.

This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.
Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
Published: 2026-06-03
Score: 8.6 High
EPSS: 41.7% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The updated CVE description clarifies that the vulnerability is a server‑side request forgery that allows unauthenticated attackers to send crafted HTTP requests to an enabled WebDialer service, enabling arbitrary file writes to the host operating system and potentially privilege escalation to root. It emphasizes that the flaw arises from improper input validation in specific HTTP endpoints and requires WebDialer to be active, which is disabled by default, reducing the attack surface.

Affected Systems

Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition are impacted, but only installations where the WebDialer service is enabled are vulnerable. The service is disabled by default, so environments that have not explicitly enabled WebDialer are not affected, and no specific version details are provided.

Risk and Exploitability

The CVSS score of 8.6 and an EPSS score of 42% indicate a high severity with a significant likelihood of exploitation. This vulnerability is listed in the CISA KEV catalog, underscoring its real‑world exploitation risk. An attacker who can reach the affected device via the WebDialer interface can issue HTTP requests that result in arbitrary file writes, providing a direct path to privilege escalation on the CUCM host.

Generated by OpenCVE AI on July 14, 2026 at 01:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Unified Communications Manager patch that fixes CVE‑2026‑20230.
  • Disable the WebDialer service on all CUCM installations unless the service is strictly required.
  • Restrict inbound traffic to the CUCM appliance so that only trusted internal hosts can communicate with it, and configure outbound firewall rules to block or tightly control HTTP requests sent by the appliance to external hosts.

Generated by OpenCVE AI on July 14, 2026 at 01:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default. A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
Title SSRF Vulnerability in Cisco Unified Communications Manager Allows Privilege Escalation Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

Sat, 27 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Title SSRF Vulnerability in Cisco Unified Communications Manager Allows Privilege Escalation

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Title SSRF Vulnerability in Cisco Unified Communications Manager Enabling Privilege Escalation

Thu, 25 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title SSRF Vulnerability in Cisco Unified Communications Manager Enabling Privilege Escalation

Thu, 25 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-06-25T00:00:00+00:00', 'dueDate': '2026-06-28T00:00:00+00:00'}


Thu, 25 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Title Server‑Side Request Forgery in Cisco Unified Communications Manager Enables Privilege Escalation

Wed, 24 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title Server‑Side Request Forgery in Cisco Unified Communications Manager Enables Privilege Escalation

Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Title SSRF Enabling Arbitrary File Write and Privilege Escalation in Cisco Unified Communications Manager

Wed, 24 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Title SSRF Enabling Arbitrary File Write and Privilege Escalation in Cisco Unified Communications Manager

Wed, 24 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Title SSRF Vulnerability Allowing File Write and Root Privilege Escalation in Cisco Unified Communications Manager

Wed, 24 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Title SSRF Vulnerability Allowing File Write and Root Privilege Escalation in Cisco Unified Communications Manager

Tue, 23 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Title Server‑Side Request Forgery allows privilege escalation via WebDialer in Cisco Unified Communications Manager

Tue, 23 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Server‑Side Request Forgery allows privilege escalation via WebDialer in Cisco Unified Communications Manager

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Title Server‑Side Request Forgery Enabling Root Privileges in Cisco Unified Communications Manager

Wed, 03 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Server‑Side Request Forgery Enabling Root Privileges in Cisco Unified Communications Manager
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco cisco Unified Communications Manager
Vendors & Products Cisco
Cisco cisco Unified Communications Manager

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N'}


Subscriptions

Cisco Cisco Unified Communications Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-07-01T16:28:16.838Z

Reserved: 2025-10-08T11:59:15.399Z

Link: CVE-2026-20230

cve-icon Vulnrichment

Updated: 2026-06-03T17:36:57.584Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-03T18:16:20.160

Modified: 2026-06-04T13:54:40.593

Link: CVE-2026-20230

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-14T02:00:04Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)