FKIE_CVE-2026-20045

Vulnerability from fkie_nvd - Published: 2026-01-21 17:16 - Updated: 2026-01-22 14:28
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4bVendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045US Government Resource
Impacted products
Vendor Product Version
cisco unified_communications_manager *
cisco unified_communications_manager *
cisco unified_communications_manager *
cisco unified_communications_manager *
cisco unified_communications_manager_im_and_presence_service *
cisco unified_communications_manager_im_and_presence_service *
cisco unity_connection *
cisco unity_connection *
To clipboard 

{
  "cisaActionDue": "2026-02-11",
  "cisaExploitAdd": "2026-01-21",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Cisco Unified Communications Products Code Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "9A84A37B-553F-48B5-8F92-678A478EE896",
              "versionEndExcluding": "14su5",
              "versionStartIncluding": "12.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "27BC4E6E-8C4D-4EEA-A8DB-8CBC11349336",
              "versionEndExcluding": "14su5",
              "versionStartIncluding": "12.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "E8EE2A11-29DC-45EF-A9B0-E053C004EF82",
              "versionEndIncluding": "15su3a",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "99E5929A-E9DE-4370-A363-66BDA1D46BDE",
              "versionEndIncluding": "15su3a",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1235D0E6-5703-4DAB-8D50-0DBEF7A9A1EB",
              "versionEndExcluding": "14su5",
              "versionStartIncluding": "12.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF732C27-6F22-4987-BCED-B7303E8F9789",
              "versionEndIncluding": "15su3a",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD37F03-3690-4C47-9768-06EB00F693AB",
              "versionEndExcluding": "14su5",
              "versionStartIncluding": "12.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7BF042-4261-4F93-913D-D7B756F975CD",
              "versionEndIncluding": "15su3",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker\u0026nbsp;to execute arbitrary commands on the underlying operating system of an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.\r\nNote: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM y Presence Service (Unified CM IM\u0026amp;P), Cisco Unity Connection y Cisco Webex Calling Dedicated Instance podr\u00eda permitir a un atacante remoto no autenticado ejecutar comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado.\n\nEsta vulnerabilidad se debe a una validaci\u00f3n incorrecta de la entrada proporcionada por el usuario en las solicitudes HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una secuencia de solicitudes HTTP manipuladas a la interfaz de gesti\u00f3n basada en web de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante obtener acceso a nivel de usuario al sistema operativo subyacente y luego elevar privilegios a root.\nNota: Cisco ha asignado a este aviso de seguridad una Calificaci\u00f3n de Impacto de Seguridad (SIR) de Cr\u00edtico en lugar de Alto como indica la puntuaci\u00f3n. La raz\u00f3n es que la explotaci\u00f3n de esta vulnerabilidad podr\u00eda resultar en que un atacante eleve privilegios a root."
    }
  ],
  "id": "CVE-2026-20045",
  "lastModified": "2026-01-22T14:28:35.883",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-01-21T17:16:08.077",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.