18 matches found

The Hacker News
added 2026/06/24 6:50 a.m., 10 views

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improp...

8.6 CVSS, 6.4 AI score, 0.41694 EPSS
Exploits 3

GithubExploit
added 2026/06/12 7:47 p.m., 136 views

Exploit for CVE-2026-20230

CVE-2026-20230 Scanner A Python-based scanner and validation...

8.6 CVSS, 5.9 AI score, 0.41694 EPSS
Exploits 3

RedhatCVE
added 2026/06/05 7:15 p.m., 10 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability ...

8.6 CVSS, 6 AI score, 0.41694 EPSS
Exploits 3, References 1

Tenable Nessus
added 2026/06/05 12:00 a.m., 15 views

Cisco Unified Communications Manager (CUCM) 14.x < 14SU6 / 15.x < 15SU5 SSRF (cisco-sa-cucm-ssrf-cXPnHcW)

According to its self-reported version, Cisco Unified Communications Manager is affected by a server-side request forgery (SSRF) vulnerability. - A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) cou...

8.6 CVSS, 6.2 AI score, 0.41694 EPSS
Exploits 3, References 3

The Hacker News
added 2026/06/04 4:55 p.m., 15 views

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw...

8.6 CVSS, 6.2 AI score, 0.41694 EPSS
Exploits 3

NCSC
added 2026/06/04 11:34 a.m., 12 views

Lack of transparency in Cisco Unified Communications Manager

Cisco has identified a vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME). A malicious individual could exploit this vulnerability to carry out a Server-Side Request Forgery (SSRF) attack. Successful exploitation could result in t...

8.6 CVSS, 5.8 AI score, 0.41694 EPSS
Exploits 3, References 1

NVD
added 2026/06/03 6:16 p.m., 19 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability ...

8.6 CVSS, 0.41694 EPSS
Exploits 3, References 3

ATTACKERKB
added 2026/06/03 4:09 p.m., 8 views

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability ...

8.6 CVSS, 7.6 AI score, 0.41694 EPSS
In wild, Exploits 3, References 2, Affected Software 1

CVE
added 2026/06/03 4:09 p.m., 121 views

CVE-2026-20230

CVE-2026-20230 affects Cisco Unified Communications Manager (CUCM) and Unified CM SME. The issue is due to improper input validation in specific HTTP requests, enabling an unauthenticated attacker to perform server-side request forgery (SSRF) and, if exploited, write files on the OS that could be...

8.6 CVSS, 7.6 AI score, 0.41694 EPSS
In wild, Exploits 3, References 3, Affected Software 1

EUVD
added 2026/06/03 4:09 p.m., 11 views

EUVD-2026-34137

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability ...

8.6 CVSS, 5.8 AI score, 0.41694 EPSS
Exploits 3, References 1

Vulnrichment
added 2026/06/03 4:09 p.m., 9 views

CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability ...

8.6 CVSS, 7.6 AI score, 0.41694 EPSS
Exploits 3, References 1

Cvelist
added 2026/06/03 4:09 p.m., 48 views

CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability ...

8.6 CVSS, 0.41694 EPSS
Exploits 3, References 1

Cisco
added 2026/06/03 4:00 p.m., 35 views

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability ...

8.6 CVSS, 5.8 AI score, 0.41694 EPSS
Exploits 3, References 1

Positive Technologies
added 2026/06/03 12:00 a.m., 16 views

PT-2026-45987

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (affected versions not specified); Cisco Unified Communications Manager Session Management Edition (affected versions not specified). Description: An improper input validation flaw in the WebDialer service allows ...

8.6 CVSS, 6.6 AI score, 0.41694 EPSS
Exploits 3, References 161

NVD
added 2013/08/05 1:22 p.m., 20 views

CVE-2013-3450

Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028...

6.8 CVSS, 7.2 AI score, 0.00576 EPSS
Exploits 0, References 1

Prion
added 2013/08/05 1:22 p.m., 14 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028...

6.8 CVSS, 7.7 AI score, 0.00576 EPSS
Exploits 0, References 1

CVE
added 2013/08/03 1:00 a.m., 43 views

CVE-2013-3450

Cisco Unified Communications Manager's User WebDialer is affected by CVE-2013-3450, a CSRF vulnerability caused by insufficient CSRF protections. An unauthenticated, remote attacker could exploit this to hijack a user’s authenticated session and initiate dialed calls on behalf of the affected use...

6.8 CVSS, 7.4 AI score, 0.00576 EPSS
Exploits 0, References 1, Affected Software 1

Cisco
added 2013/08/02 6:55 p.m., 23 views

Cisco Unified Communications Manager User Web Dialer Cross-Site Request Forgery Vulnerability

A vulnerability in the User WebDialer page of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerabilit...

4.3 CVSS, 2.8 AI score, 0.00576 EPSS
Exploits 0, References 1