Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager versions prior to 14SU5 or 15SU4
Cisco Unified Communications Manager Session Management Edition (Unified CM SME) versions prior to 14SU5 or 15SU4
Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions prior to 14SU5 or 15SU4
Cisco Unity Connection versions prior to 14SU5 or 15SU4
Cisco Webex Calling Dedicated Instance versions prior to 14SU5 or 15SU4
Description
A critical vulnerability exists in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance. This flaw allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability stems from improper validation of user-supplied input in HTTP requests. An attacker can exploit this by sending crafted HTTP requests to the web-based management interface, potentially gaining user-level access and escalating privileges to root. This vulnerability is actively exploited in the wild, and CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline of February 11, 2026, for federal agencies. Approximately 1,300 instances of Cisco Unified CM are exposed on the internet, with nearly half located in the US.
Recommendations
For Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection, upgrade to version 14SU5 or later, or 15SU4 or later.
For Cisco Webex Calling Dedicated Instance, upgrade to version 14SU5 or later, or 15SU4 or later.
Restrict access to the web-based management interface to trusted networks.
Monitor for anomalous HTTP management traffic to detect potential exploitation attempts.
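As an added example (not from the advisory or from Cisco), a small Python checker that maps the affected-version list above onto a host inventory. It reads "prior to 14SU5 or 15SU4" as one fixed Service Update per release train, assumes version strings in the form "14SU5", and reports a train the advisory does not list as unknown rather than guessing; a plain string comparison would get this wrong, since "15SU3" sorts after "14SU5" yet is vulnerable while 14SU5 is fixed.

```python
import re
from typing import Optional

# First fixed Service Update per release train, as the advisory states:
# the 14 train is fixed from 14SU5, the 15 train from 15SU4.
FIXED_SU = {14: 5, 15: 4}

# Assumed input format: "<train>" or "<train>SU<n>", e.g. "14SU5".
# Adapt the pattern if your inventory exports dotted build strings instead.
_VERSION_RE = re.compile(r"^\s*(\d+)(?:SU(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> tuple[int, int]:
    """Return (train, service_update); a bare train such as "14" is SU0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Unified CM version string: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)


def is_vulnerable(text: str) -> Optional[bool]:
    """True if prior to the fixed SU for its train, False if at or beyond it,
    None if the train is not in the advisory's affected-version list."""
    train, su = parse_version(text)
    fixed = FIXED_SU.get(train)
    if fixed is None:
        return None
    return su < fixed


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Bucket hosts by status so affected ones can be scheduled for upgrade."""
    buckets: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        status = is_vulnerable(version)
        key = "unknown" if status is None else ("vulnerable" if status else "fixed")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are not real.
    sample = {"cucm-pub-01": "14SU4", "cucm-sub-02": "15SU4",
              "imp-01": "15SU3", "cuc-old": "12SU5"}
    print(triage(sample))
```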