ctipilot.ch


CVE-2026-20230 — Cisco Unified CM WebDialer: pre-auth SSRF to arbitrary root file write, reconnaissance-stage scanning observed

notable vulnerability discovered 2026-06-29 00:21 UTC

Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))

Cisco PSIRT's advisory describes a server-side request forgery (SSRF) in the WebDialer service of Unified CM 14 and 15 that an unauthenticated attacker can use to write files to the underlying OS and then escalate to root. The in-window signal is that activity has moved to the reconnaissance stage: a public PoC fingerprints vulnerable devices, and scanning for them has been observed. Unified CM is core telephony for many cantonal and hospital networks, so patch now, before the scanning turns into exploitation.
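While the patch is being scheduled, the practical check is whether the fingerprinting traffic the brief mentions is already hitting your WebDialer front end. The script below is an added example, not code from ctipilot or from Cisco: it reads reverse-proxy or WAF access logs in combined format and flags sources that probe the WebDialer path from outside the trusted client network or with a scanner user agent. The path prefix `/webdialer`, the trusted network `10.0.0.0/8`, the user-agent list and the thresholds are assumptions, and the log lines are constructed for the example; the brief itself gives no indicators.

```python
"""Flag reconnaissance-style probing of a Unified CM WebDialer endpoint
in combined-format access logs. Added example; all indicators below are
assumptions, not values taken from the advisory or the brief."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

WEBDIALER_PREFIX = "/webdialer"                  # assumption: adjust to your deployment
TRUSTED_NETS = [ip_network("10.0.0.0/8")]        # assumption: clients allowed to use WebDialer
SCANNER_UA = re.compile(r"python-requests|curl|nuclei|go-http-client|masscan|nmap", re.I)
BURST_THRESHOLD = 3                              # assumption: requests per source worth noting

# Apache/NGINX combined log format: ip - user [ts] "METHOD path proto" status bytes "ref" "ua"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one curl probe from outside, ordinary internal browser use,
# a browser-looking external source walking several paths, an unrelated request,
# and a line that is not a valid log entry.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Jun/2026:00:21:05 +0000] "GET /webdialer/ HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '10.20.30.40 - - [29/Jun/2026:00:22:10 +0000] "GET /webdialer/ HTTP/1.1" 200 4096 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/128.0"',
    '198.51.100.9 - - [29/Jun/2026:00:23:01 +0000] "GET /webdialer/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Jun/2026:00:23:02 +0000] "GET /webdialer/login HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Jun/2026:00:23:03 +0000] "GET /webdialer/help HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '10.20.30.41 - - [29/Jun/2026:00:24:00 +0000] "GET /static/logo.png HTTP/1.1" 200 900 "-" "python-requests/2.32"',
    'this is not a log line',
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(ip):
    """True when the source address falls inside one of the trusted client networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_recon(lines):
    """Map source IP -> list of reasons for every source whose WebDialer requests look like probing.

    A source is reported when it is outside the trusted networks or uses a scanner
    user agent; request bursts and path walking are added as supporting reasons.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(WEBDIALER_PREFIX):
            continue                              # unparsable line or unrelated path
        per_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in per_ip.items():
        reasons = []
        if not is_trusted(ip):
            reasons.append("external source")
        if any(SCANNER_UA.search(r["ua"]) for r in recs):
            reasons.append("scanner user-agent")
        if not reasons:
            continue                              # trusted client with a browser UA: normal use
        if len(recs) >= BURST_THRESHOLD:
            reasons.append(f"{len(recs)} requests")
        paths = {r["path"] for r in recs}
        if len(paths) > 1:
            reasons.append(f"{len(paths)} distinct paths")
        findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in find_recon(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(reasons)}")
```

Run it against the real log export instead of `SAMPLE_LOG` and tune `TRUSTED_NETS` to the networks that legitimately reach WebDialer; a hit from an external source is the signal the brief is warning about and should be correlated with whether that host is already patched.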


vulnerabilities actively-exploited pre-auth poc-public patch-available rce global CVE-2026-20230