ctipilot.ch

Cisco Unified CM unauth SSRF → OS-root file write

cve · CVE-2026-20230

  • Coverage timeline: 1 (first 2026-06-04 → last 2026-06-04)
  • Briefs: 1 (1 distinct)
  • Sources cited: 44 (28 hosts)
  • Sections touched: 1 (trending_vulns)
  • Co-occurring entities: 2 (see Related entities below)

Story timeline

  1. 2026-06-04 · CTI Daily Brief — 2026-06-04
     trending_vulns · First coverage — public-sector VoIP

Where this entity is cited

  • trending_vulns: 1

Source distribution

  • attack.mitre.org: 6 (14%)
  • blog.talosintelligence.com: 6 (14%)
  • sec.cloudapps.cisco.com: 4 (9%)
  • bleepingcomputer.com: 2 (5%)
  • thehackernews.com: 2 (5%)
  • theregister.com: 2 (5%)
  • bankinfosecurity.com: 1 (2%)
  • blick.ch: 1 (2%)
  • other: 20 (45%)

Related entities

External references

NVD · cve.org · CISA KEV

All cited sources (44)

Items in briefs about Cisco Unified CM unauth SSRF → OS-root file write (1)

CVE-2026-20230 — Cisco Unified Communications Manager: unauthenticated SSRF to OS-root file write

From CTI Daily Brief — 2026-06-04 · published 2026-06-04

Cisco PSIRT disclosed a server-side request forgery in the WebDialer service of Unified CM and Unified CM Session Management Edition (SME). Improper validation of HTTP input lets an unauthenticated remote attacker coerce the node into fetching an attacker-supplied URL and writing the response to an arbitrary location on the underlying OS. Cisco states that this write primitive "could be used later to elevate to root", via a drop into cron or service directories (Cisco PSIRT, 2026-06-03).

Cisco rates the bug Critical under its Security Impact Rating although the CVSS base score is 8.6, because the file write chains to root. Affected releases are 14 before 14SU6 and 15 before 15SU5. WebDialer is disabled by default, so only deployments that enabled it are exposed. Cisco reports no confirmed in-the-wild exploitation at disclosure but notes that proof-of-concept exploit code is already public, which shortens the window before opportunistic exploitation.

Actions: disable WebDialer where it is not in use; upgrade to 14SU6 or apply the Release 15 COP; restrict the administrative web interfaces to management networks; and hunt for unexpected outbound HTTP from Unified CM hosts, since a successful SSRF shows up as the node itself fetching an attacker-controlled URL.
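The outbound-HTTP hunt recommended above, written out as an added example that is not part of the brief or of Cisco's advisory. It walks egress-firewall records, keeps only HTTP(S) flows sourced from the Unified CM nodes, drops destinations in a baseline allowlist, and ranks what is left so flows to addresses outside the enterprise ranges triage first. The key=value log format, the sample records, the Unified CM addresses, the internal address ranges and the allowlist are all constructed assumptions; a real hunt would feed it the firewall or proxy logs for the voice VLAN.

```python
"""Hunt for unexpected outbound HTTP(S) from Unified CM hosts.

Added example for the SSRF write-primitive hunt described above. The log
format, host addresses, internal ranges and allowlist are assumptions,
not Cisco's or the brief's.
"""
import ipaddress
from typing import Dict, List

# Constructed sample records in a generic key=value egress-firewall format
# (assumed format; real devices will differ).
SAMPLE_LOGS = """\
ts=2026-06-04T08:01:12Z src=10.20.0.11 dst=10.20.0.5 dport=53 proto=udp app=dns
ts=2026-06-04T08:01:13Z src=10.20.0.11 dst=10.20.0.40 dport=636 proto=tcp app=ldaps
ts=2026-06-04T08:02:44Z src=10.20.0.11 dst=203.0.113.77 dport=80 proto=tcp app=http host=updates.example.net
ts=2026-06-04T08:02:50Z src=10.20.0.11 dst=10.20.0.77 dport=8443 proto=tcp app=https
ts=2026-06-04T08:03:01Z src=10.20.0.12 dst=198.51.100.9 dport=8080 proto=tcp app=http host=198.51.100.9
ts=2026-06-04T08:03:05Z src=10.20.0.99 dst=198.51.100.9 dport=8080 proto=tcp app=http host=198.51.100.9
ts=2026-06-04T08:04:30Z src=10.20.0.12 dst=10.20.0.200 dport=443 proto=tcp app=https host=ucxn.corp.example
"""

# Assumed inventory: the Unified CM publisher/subscriber addresses.
UCM_HOSTS = {"10.20.0.11", "10.20.0.12"}

# Assumed baseline of destinations a Unified CM node legitimately reaches
# over HTTP(S), by IP or by Host header (example values only).
ALLOWED_HTTP_DESTINATIONS = {"10.20.0.200", "updates.example.net"}

# Assumed enterprise address space; anything outside it is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

HTTP_APPS = {"http", "https"}
HTTP_PORTS = {80, 443, 8080, 8443}


def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value record into a dict; tokens without '=' are ignored."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def is_http(rec: Dict[str, str]) -> bool:
    """True when the flow looks like HTTP(S) by app label or by port."""
    if rec.get("app") in HTTP_APPS:
        return True
    try:
        return int(rec.get("dport", "0")) in HTTP_PORTS
    except ValueError:
        return False


def is_external(addr: str) -> bool:
    """True when addr parses as an IP outside the assumed internal ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def hunt_outbound_http(log_text: str, ucm_hosts=UCM_HOSTS,
                       allowed=ALLOWED_HTTP_DESTINATIONS) -> List[Dict[str, str]]:
    """Return HTTP(S) flows sourced from a Unified CM host whose destination
    (IP or Host header) is not in the baseline, external destinations first."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("src") not in ucm_hosts or not is_http(rec):
            continue
        dst, host = rec.get("dst", ""), rec.get("host", "")
        if dst in allowed or host in allowed:
            continue
        findings.append({
            "ts": rec.get("ts", ""),
            "src": rec["src"],
            "dst": dst,
            "host": host,
            "dport": rec.get("dport", ""),
            "severity": "high" if is_external(dst) else "medium",
        })
    # Stable sort: external ("high") findings first, original order otherwise.
    findings.sort(key=lambda f: f["severity"] != "high")
    return findings


if __name__ == "__main__":
    for f in hunt_outbound_http(SAMPLE_LOGS):
        print(f"[{f['severity']}] {f['ts']} {f['src']} -> "
              f"{f['dst']}:{f['dport']} host={f['host'] or '-'}")
```

On the sample data the node 10.20.0.12 fetching 198.51.100.9:8080 is the only external hit and lands first; the internal 10.20.0.77:8443 flow is kept as a medium finding because it is off-baseline even though it stays inside the enterprise ranges. Tune the allowlist from a quiet-period baseline before running this against production logs, otherwise routine update and directory-integration traffic will drown the signal.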