Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)

Help Net Security
Actively Exploited
Reporting on this topic (2 sources): BleepingComputer, Help Net Security

Overview

A newly discovered vulnerability, CVE-2026-20230, affects Cisco's Unified Communications Manager (Unified CM) and is currently being exploited in the wild. This issue is a server-side request forgery (SSRF) flaw that allows attackers to drop webshells and execute code remotely on the affected servers. According to threat intelligence firm Defused, automated attacks have been observed using the Tor network to deploy these webshells. The exploitation process involves abusing the WebDialer SSRF to install a malicious Apache Axis service, which then facilitates the execution of further malicious payloads. Organizations using Cisco Unified CM should be aware of this security threat and take steps to mitigate potential risks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Cisco Unified Communications Manager (Unified CM)
  • Action Required: Organizations should immediately apply any available security patches from Cisco for Unified CM.
  • Timeline: Newly disclosed

Original Article Summary

CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “Our honeypots are seeing automated sweeps dropping webshells, all via Tor,” threat intelligence firm Defused warned today, after observing initial attacks over the weekend. “The observed chain abuses the WebDialer SSRF to deploy a rogue Apache Axis service, uses that service to write a first-stage …

Impact

Cisco Unified Communications Manager (Unified CM)

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should immediately apply any available security patches from Cisco for Unified CM. They should also review their server configurations and restrict access to the WebDialer feature to trusted sources only. Network monitoring that detects unusual traffic patterns may also help identify and mitigate exploitation attempts.
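One way to check the "trusted sources only" restriction against web access logs, as an added example that is not from the article, Cisco or Defused. The log format, the `/webdialer/` path prefix, the trusted ranges and the Tor exit list are all assumptions to replace with your own values.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumptions for this example (none of these values come from the article):
WEBDIALER_PREFIX = "/webdialer/"  # assumed URL prefix of the WebDialer feature
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/28")]

# Combined-log-format fields: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def is_trusted(ip_text):
    """True if the client address falls inside an allow-listed network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable client field is treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def audit(lines, tor_exits=frozenset()):
    """Return WebDialer requests that came from outside the trusted networks."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        # Decode percent-escapes and fold case so encoded paths are not missed.
        path = unquote(m["path"]).lower()
        if not path.startswith(WEBDIALER_PREFIX) or is_trusted(m["ip"]):
            continue
        findings.append({"line": number, "ip": m["ip"], "ts": m["ts"],
                         "status": int(m["status"]), "tor": m["ip"] in tor_exits})
    return findings

# Constructed sample input (documentation address ranges, invented timestamps).
SAMPLE_LOG = [
    '10.20.4.17 - - [01/Jan/2026:09:00:01 +0000] "POST /webdialer/Webdialer HTTP/1.1" 200 512',
    '203.0.113.45 - - [01/Jan/2026:09:00:05 +0000] "POST /webdialer/Webdialer HTTP/1.1" 200 734',
    '198.51.100.9 - - [01/Jan/2026:09:00:09 +0000] "GET /status HTTP/1.1" 200 88',
    '198.51.100.9 - - [01/Jan/2026:09:00:12 +0000] "GET /%77ebdialer/Webdialer HTTP/1.1" 404 0',
]
SAMPLE_TOR_EXITS = {"203.0.113.45"}  # constructed; load a current exit list in practice

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, SAMPLE_TOR_EXITS):
        print(finding)
```

Any finding means the access restriction is not in effect for that source; a finding with `tor` set matches the Tor-sourced sweeps the report describes.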

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.


Multiple Sources: This threat is being reported by 2 different security sources, indicating significant concern within the cybersecurity community.