Lucene search
K

Cisco Unified Communications Manager IM & Presence Service Remote Code Execution (cisco-sa-voice-rce-mORhqY4b)

🗓️ 23 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 10 Views

Remote code execution in Cisco Unified Communications Manager IM and Presence via web requests; unauthenticated attacker can gain root.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(296365);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/02");

  script_cve_id("CVE-2026-20045");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwr29216");
  script_xref(name:"CISCO-SA", value:"cisco-sa-voice-rce-mORhqY4b");
  script_xref(name:"IAVA", value:"2026-A-0082");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/02/11");

  script_name(english:"Cisco Unified Communications Manager IM & Presence Service Remote Code Execution (cisco-sa-voice-rce-mORhqY4b)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Unified Communications Manager IM & Presence is affected by a remote code
execution vulnerability:

  - A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session
    Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P),
    Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker
    to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to
    improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending
    a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful
    exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate
    privileges to root. (CVE-2026-20045)

Please see the included Cisco BID and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3417e480");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwr29216");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwr29216");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-20045");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:unified_communications_manager_im_and_presence_service");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_cucm_imp_detect.nbin");
  script_require_keys("installed_sw/Cisco Unified CM IM&P");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Cisco Unified CM IM&P');

var version_active = get_kb_item('Host/Cisco/show_version_active');
if ('CSCwr21851' >< version_active)
  audit(AUDIT_HOST_NOT, 'affected due to an installed security patch');

var constraints = [
  { 'min_version':'12.5', 'max_version':'12.9999', 'fixed_display':'14SU5 or 15SU4' },
  { 'min_version':'14.0', 'fixed_version':'14.0.1.15900.3', 'fixed_display':'14.0.1.15900.3 (14SU5)' },
  { 'min_version':'15.0', 'fixed_version':'15.0.1.14900', 'fixed_display':'15.0.1.14900 (15SU4)' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Feb 2026 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.18.2 - 9.8
EPSS0.04307
SSVC
10