CVE-2026-20045
Cisco Unified Communications Products Code Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
4.3%
p90
KEV
SÍ
21 ene 2026
Exploit Today
77
0-100
Publicado: — · Última mod.: —
Producto
Cisco / Unified Communications Manager
Vulnerabilidad
Cisco Unified Communications Products Code Injection Vulnerability
Añadido a KEV
21 ene 2026
Remediar antes de
11 feb 2026
Uso conocido en ransomware
No
Descripción resumida
Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b ; https://nvd.nist.gov/vuln/detail/CVE-2026-20045