CVE-2026-20045
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco
Publication date: 2026-01-21
Last updated on: 2026-02-13
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| cisco | unified_communications_manager | From 12.5 (inc) to 14su5 (exc) |
| cisco | unified_communications_manager | From 12.5 (inc) to 14su5 (exc) |
| cisco | unified_communications_manager | From 15.0 (inc) to 15su3a (inc) |
| cisco | unified_communications_manager | From 15.0 (inc) to 15su3a (inc) |
| cisco | unified_communications_manager_im_and_presence_service | From 12.5 (inc) to 14su5 (exc) |
| cisco | unified_communications_manager_im_and_presence_service | From 15.0 (inc) to 15su3a (inc) |
| cisco | unity_connection | From 12.5 (inc) to 14su5 (exc) |
| cisco | unity_connection | From 15.0 (inc) to 15su3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical remote code execution flaw in multiple Cisco Unified Communications products. It occurs due to improper validation of user-supplied input in HTTP requests to the web-based management interface. An unauthenticated remote attacker can exploit this by sending specially crafted HTTP requests, allowing them to execute arbitrary commands on the underlying operating system. Initially, the attacker gains user-level OS access and can then escalate privileges to root. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow an unauthenticated remote attacker to execute arbitrary commands on the affected device's operating system, potentially gaining root-level access. This can lead to full control over the device, unauthorized access to sensitive information, disruption of services, and compromise of the network infrastructure relying on these Cisco products. [1]
What immediate steps should I take to mitigate this vulnerability?
Cisco strongly recommends upgrading to fixed software releases to remediate this vulnerability. There are no workarounds or mitigations available. Immediate steps include migrating affected products to the fixed releases corresponding to your version, such as upgrading to 14SU5 or applying the appropriate patch files for versions 14 and 15, or migrating from version 12.5 to a fixed release. For assistance, contact Cisco Technical Assistance Center (TAC) with product serial numbers and advisory URLs as proof of entitlement to free upgrades. [1]