—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Remote Code Execution Vulnerability in CISCO 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Systems Affected

Unified CM

Unified CM SME 

Unified CM IM&P 

Unity Connection 

Webex Calling Dedicated Instance

Overview

A vulnerability has been reported in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device.

Successful exploitation of this vulnerability could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.

Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

CVE Name

CVE-2026-20045

– – —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAml0l0sACgkQ3jCgcSdc

ys/g2Q/7BuYvXDQFB3e24YjkCNoBbWqGAtU8h6J3Yar4tD7HA70KHi55s20wIyRi

ZpBPbhhcaL/9dCcTzTLESaKNc6gt9K2NtMT8EG8IfHIvNdoc/wuhw7UO0RVt2Q7e

SBeqyph48mll4IYzjebTMLEa+yyjCv8fZU1u1K30L6JCPIzbvCtHAapVvFqlPf3a

GE9IfunJM+94NuSr4y08un+CiWw4wD13zp9wtx4TqIuKyPy3TORwfxC/B0KKR+dU

LEQnB9PV0XErCpnoKlONyXKbDyNFK7FJ4zTra+hOpKeF+hmyHUKElpTEEEqKEQMN

hdqnU8yS6T1ENyaVw82o2nHkokbV+cVfA4TU3ZBrnEBOxI2OIQXP1C8CtA9fzOGV

Bnh3uYE9RrBhNipDZ+Ucr6bV7cJQ+6l9Ry4EEbpSX9kjVdtACoLrZHGFuNOjGF38

qJA+FSvDsWC3Dj/OKWl9b2+AH9fQDKRzD4z+ehhg3NUP7DWA72AvX0z8x311IvUY

l0T2ACG6BME/SWU4+q2i5MwVCaxvFWFeRyH8wytJwZ/pIPH0EFceDV+IjFybrYlG

ranByXly5BorHiqzPvnQ2eofbw6Pihg2G4EZHuT8OW1kwHkQjJNRhP0TNbyoXLNX

xdlGS5ai8x/bo+7lLnITu/BDDqD0HbzKC/OO/HGMDtMeS+emrAQ=

=yrqp

—–END PGP SIGNATURE—–