Cisco fixes Unified Communications RCE zero day exploited in attacks
Recorded: Jan. 21, 2026, 11:03 p.m.
| Original | Summarized |
Cisco fixes Unified Communications RCE zero day exploited in attacks News Featured Credential-stealing Chrome extensions target enterprise HR platforms Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs Jordanian pleads guilty to selling access to 50 corporate networks Ingram Micro says ransomware attack affected 42,000 people Chainlit AI framework bugs let hackers breach cloud environments Cisco fixes Unified Communications RCE zero day exploited in attacks New Android malware uses AI to click on hidden browser ads Online retailer PcComponentes says data breach claims are fake Tutorials Latest How to access the Dark Web using the Tor Browser How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 How to use the Windows Registry Editor How to backup and restore the Windows Registry How to start Windows in Safe Mode How to remove a Trojan, Virus, Worm, or other Malware How to show hidden files in Windows 7 How to see hidden files in Windows Webinars Latest Qualys BrowserCheck STOPDecrypter AuroraDecrypter FilesLockerDecrypter AdwCleaner ComboFix RKill Junkware Removal Tool Deals Categories eLearning IT Certification Courses Gear + Gadgets Security VPNs Popular Best VPNs How to change IP address Access the dark web safely Best VPN for YouTube Forums Virus Removal Guides HomeNewsSecurityCisco fixes Unified Communications RCE zero day exploited in attacks Cisco fixes Unified Communications RCE zero day exploited in attacks By Lawrence Abrams January 21, 2026 Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively exploited as a zero-day in attacks. "A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root." 7 Security Best Practices for MCP Related Articles: Actively Exploited Lawrence Abrams Previous Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Popular Stories Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs Ingram Micro says ransomware attack affected 42,000 people New PDFSider Windows malware deployed on Fortune 100 firm's network Sponsor Posts Discover how to scale IT infrastructure reliably without adding toil or burnout. Identity Governance & Threat Detection in one: Get a guided tour of our platform Discover how phishing kits are sold and deployed. Download the full research report. Upcoming Webinar Follow us: Main Sections News Community Forums Useful Resources Welcome Guide Company About BleepingComputer Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... |
Cisco has addressed a critical Remote Code Execution (RCE) vulnerability, designated as CVE-2026-20045, that was actively exploited in real-world attacks. This vulnerability impacted several Cisco Unified Communications products, including Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. The core issue stemmed from improper handling of user-supplied input within HTTP requests, allowing an attacker to potentially obtain user-level access and subsequently escalate privileges to root access on the affected servers. The Common Vulnerability Scoring System (CVSS) assigned a score of 8.2, reflecting the significant risk posed by this exploitation. Cisco’s Product Security Incident Response Team (PSIRT) confirmed that exploitation attempts had been observed, emphasizing the urgency for customers to deploy available patches. The company released specific software updates and patch files tailored to the affected versions. Version 12.5 required a migration to a fixed release. Subsequent versions, including 14 and 15, offered further refinements with patch files available for download. Notably, the company highlighted the version-specificity of the updates and urged careful review of the accompanying README files before application. The vulnerability was tracked within the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog, prompting federal agencies to address the issue by February 11, 2026. Prior to this announcement, Cisco had previously patched an Identity Services Engine (ISE) vulnerability, which included public proof-of-concept exploit code and had been exploited since November. This indicates a pattern of rapid response initiated by Cisco to mitigate emerging threats. The active exploitation of CVE-2026-20045 underscored the importance of maintaining up-to-date security measures for critical communication infrastructure. The consequences of a successful attack, including unauthorized access and potential root-level control, were substantial. There were no workaround solutions available to neutralize the vulnerability without installing the designated patches. Cisco’s response, combined with CISA’s classification, signaled a coordinated effort to reduce the attack surface and minimize potential harm. The vulnerability management process involved rapid detection, analysis, and the expeditious release of security updates, reflecting best practices for incident response within the cybersecurity realm. |