Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Halts WhatsApp Usernames Rollout Due to Fraud Concerns
July 1, 2026
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Home/CyberSecurity News/CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks
CyberSecurity News

CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert. This comes after the agency confirmed active exploitation of a zero-day remote code execution (RCE)...

Emy Elsamnoudy
Emy Elsamnoudy
January 22, 2026 2 Min Read
32 0

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert. This comes after the agency confirmed active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cisco Unified Communications products.

Tracked as CVE-2026-20045, the flaw enables code injection attacks that grant attackers user-level access to the underlying OS, followed by full root privilege escalation.

Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on January 21, 2026, federal agencies must apply mitigations by February 11, 2026, or discontinue use of affected products.

This critical issue stems from improper input validation in Cisco’s communication platforms, aligning with CWE-94: Improper Control of Generation of Code. Attackers can inject malicious code via crafted network requests, bypassing authentication in some scenarios.

Attackers exploiting this flaw can execute arbitrary code within the context of the vulnerable service. CISA confirmed active exploitation in the wild, prompting the urgent addition to the KEV catalog on January 21, 2026.

Organizations managing these communications systems face immediate risk of compromise.

Cisco has published an advisory confirming the vulnerability affects on-premises deployments, with no workaround available beyond patching.

Affected Products and Attack Vectors

The vulnerability impacts:

  • Cisco Unified Communications Manager (Unified CM)
  • Cisco Unified Communications Manager Session Management Edition (Unified CM SME)
  • Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P)
  • Cisco Unity Connection
  • Cisco Webex Calling Dedicated Instance

Enterprise voice and collaboration environments face high risk, as these products often expose management interfaces to the internet.

Attackers exploit the flaw remotely without authentication by sending malformed packets to exposed services like CTI Manager or AXLE services.

Once injected, code executes in the context of the web server process, allowing persistence via cron jobs or backdoors before root escalation through known local priv-esc paths.

Early indicators suggest threat actors are chaining this with phishing or supply-chain compromises to target call centers and UCaaS providers.

Cisco urges immediate upgrades to patched versions:

  1. Unified CM: Release 14SU2.7 or later
  2. Unity Connection: 14SU2.7 or later
  3. IM&P: 14SU3 or later

CISA emphasizes zero-trust principles: assume breach and hunt for IOCs, such as unexpected root processes or injected web shells.

This zero-day underscores persistent risks in legacy UC infrastructure, where delayed patching leaves orgs vulnerable to ransomware or espionage.

No public PoCs exist yet, but underground forums report exploits for sale. Security teams should cross-reference CISA KEV and Cisco PSIRT for updates.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

BreachCVECybersecurityExploitPatchphishingransomwareSecurityVulnerabilityzero-day

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

FortiGate Firewalls Hacked in Automated Attacks to Steal Configurations Data

Next Post

Malicious PyPI Package Mimic as Popular Sympy-Dev to Attack Millions of Users

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us