Cisco has released multiple security updates affecting enterprise communications, contact center, and infrastructure platforms widely deployed in production environments. Among the issues addressed is a critical remote code execution vulnerability that Cisco reports is being actively exploited.
The most severe issue is a remote code execution vulnerability affecting multiple Cisco Unified Communications products. Tracked as CVE-2026-20045 and assigned a CVSS score of 8.2, the flaw allows unauthenticated attackers to execute arbitrary commands on vulnerable systems..
The flaw exists in the web-based management interface of Cisco Unified Communications Manager, Unified Communications Manager Session Management Edition, Unified Communications Manager IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance. The vulnerability stems from improper validation of user input in HTTP requests.
An attacker can exploit this vulnerability by sending crafted HTTP requests to the management interface. Successful exploitation provides user-level access to the underlying operating system, which can then be escalated to root privileges. Cisco has assigned this advisory a Security Impact Rating of Critical due to the potential for privilege escalation to root access.
Cisco reports that this vulnerability is being actively exploited and strongly recommends that customers upgrade to fixed software releases immediately. The company has released patches for versions 14 and 15, with version 15SU4 scheduled for release in March 2026. Version-specific patch files are available for customers who cannot immediately upgrade to the fixed releases. Customers running version 12.5 should migrate to a supported version that includes the fix.
Cross-Site Scripting Vulnerabilities
Cisco has also patched two cross-site scripting vulnerabilities in Packaged Contact Center Enterprise and Unified Contact Center Enterprise. The vulnerabilities, identified as CVE-2026-20055 and CVE-2026-20109, exist in the web-based management interface due to insufficient validation of user-supplied input. An authenticated attacker with administrative credentials could inject malicious code into specific interface pages. Successful exploitation could allow execution of arbitrary script code or access to sensitive browser-based information.
Fixed releases are available for versions 12.6 and 15.0. Customers running earlier versions should migrate to a supported release that includes the security updates. Cisco indicates these vulnerabilities were discovered during internal security testing and is not aware of any public exploitation.
A privilege escalation vulnerability, tracked as CVE-2026-20092, was also addressed in Cisco Intersight Virtual Appliance. The vulnerability affects both the Connected Virtual Appliance and Private Virtual Appliance products, and exists in the read-only maintenance shell due to improper file permissions on system account configuration files. An authenticated local attacker with administrative privileges could manipulate system files to gain root access. This would provide full control of the appliance, enabling access to sensitive information, modification of workloads and configurations, and the ability to cause service disruptions.
The Connected Virtual Appliance will be upgraded automatically. Customers running the Private Virtual Appliance should manually upgrade to version 1.1.4-11 through the Cisco Intersight website. The vulnerability was found during internal security testing, and Cisco is not aware of any exploitation attempts.
Cisco has fixed a denial of service vulnerability in IEC6400 Wireless Backhaul Edge Compute Software. The vulnerability, CVE-2026-20080 with a CVSS score of 5.3, affects the SSH service when enabled.
The vulnerability exists because the SSH service lacks effective flood protection. An unauthenticated remote attacker could launch a denial of service attack against the SSH port, causing the service to become unresponsive during the attack period. Other system operations remain stable during the attack.
The vulnerability is fixed in version 1.2.0. Customers running version 1.1.0 or earlier should upgrade to the fixed release.
As a temporary mitigation, customers who do not require SSH access can disable the service using the command line interface or web interface. The SSH service is enabled by default on affected systems.
Organizations using affected Cisco products should review the security advisories and apply available updates according to their patch management procedures. For systems where immediate patching is not feasible, organizations should review available mitigations and consider implementing additional network security controls to limit exposure.
Visit Cisco’s Notification service page to ensure enrollment in the latest security notifications, or their security advisory listings here for the latest technical and patch information.
Leave a Reply