#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(296365);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/02");
script_cve_id("CVE-2026-20045");
script_xref(name:"CISCO-BUG-ID", value:"CSCwr29216");
script_xref(name:"CISCO-SA", value:"cisco-sa-voice-rce-mORhqY4b");
script_xref(name:"IAVA", value:"2026-A-0082");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/02/11");
script_name(english:"Cisco Unified Communications Manager IM & Presence Service Remote Code Execution (cisco-sa-voice-rce-mORhqY4b)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Unified Communications Manager IM & Presence is affected by a remote code
execution vulnerability:
- A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session
Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P),
Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker
to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to
improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending
a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful
exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate
privileges to root. (CVE-2026-20045)
Please see the included Cisco BID and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3417e480");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwr29216");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwr29216");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-20045");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/21");
script_set_attribute(attribute:"patch_publication_date", value:"2026/01/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:unified_communications_manager_im_and_presence_service");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_cucm_imp_detect.nbin");
script_require_keys("installed_sw/Cisco Unified CM IM&P");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'Cisco Unified CM IM&P');
var version_active = get_kb_item('Host/Cisco/show_version_active');
if ('CSCwr21851' >< version_active)
audit(AUDIT_HOST_NOT, 'affected due to an installed security patch');
var constraints = [
{ 'min_version':'12.5', 'max_version':'12.9999', 'fixed_display':'14SU5 or 15SU4' },
{ 'min_version':'14.0', 'fixed_version':'14.0.1.15900.3', 'fixed_display':'14.0.1.15900.3 (14SU5)' },
{ 'min_version':'15.0', 'fixed_version':'15.0.1.14900', 'fixed_display':'15.0.1.14900 (15SU4)' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation