CVE-2026-20230
Server-Side Request Forgery in Cisco Unified Communications Manager
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: Cisco Systems, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | unified_communications_manager | 14su6 |
| cisco | unified_communications_manager | 15su5 |
| cisco | unified_communications_manager_session_management_edition | 14su6 |
| cisco | unified_communications_manager_session_management_edition | 15su5 |
| cisco | unified_communications_manager | * |
| cisco | unified_communications_manager_session_management_edition | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-20230 is a critical server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME).
The vulnerability arises from improper input validation of specific HTTP requests, which allows an unauthenticated, remote attacker to send crafted HTTP requests to an affected device.
If successfully exploited, the attacker could write files to the underlying operating system, potentially leading to privilege escalation to root access.
Exploitation requires the WebDialer service to be enabled, which is disabled by default.
How can this vulnerability impact me?
This vulnerability can have a critical impact because it allows an unauthenticated attacker to remotely execute server-side request forgery attacks.
A successful exploit could enable the attacker to write files to the operating system and escalate privileges to root, giving them full control over the affected device.
Such control could lead to unauthorized access, manipulation, or disruption of communications managed by Cisco Unified CM or Unified CM SME.
Since the WebDialer service must be enabled for exploitation, systems with this service disabled are not vulnerable.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Cisco Unified Communications Manager or Cisco Unified Communications Manager Session Management Edition has the WebDialer service enabled, as exploitation requires this service to be active.
Since the vulnerability involves crafted HTTP requests exploiting improper input validation, monitoring HTTP traffic to the affected devices for unusual or suspicious requests targeting the WebDialer service endpoint may help detect attempts to exploit this issue.
No specific detection commands or tools are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to disable the WebDialer service on affected Cisco Unified Communications Manager and Unified CM SME devices, as this service must be enabled for exploitation.
Apply the software updates released by Cisco that address this vulnerability. These include updates such as 14SU6 for release 14 and 15SU5 (or COP 1 1) for release 15.
There are no workarounds available other than disabling the WebDialer service until patches can be applied.