CVE-2026-20230
Description
Cisco Unified Communications Manager and SME are vulnerable to SSRF due to improper input validation, allowing file writes and potential root privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) exists due to improper input validation for specific HTTP requests. It affects only devices on which the WebDialer service, which is disabled by default, has been enabled. Affected versions are detailed in the Cisco Security Advisory [1].
Exploitation
An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted HTTP request to an affected device. The WebDialer service must be enabled on the target device for exploitation to be possible [1].
Impact
A successful exploit allows the attacker to write files to the underlying operating system. These files can then be used to elevate privileges to root, which is why Cisco has assigned the vulnerability a Security Impact Rating of Critical notwithstanding its CVSS score [1].
Mitigation
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Customers should refer to the Cisco Security Advisory for information on fixed software releases [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0 (no patches discovered yet)
Vulnerability mechanics
Root cause
"Improper input validation for specific HTTP requests allows server-side request forgery."
Attack vector
An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted HTTP request to an affected device [1]. This vulnerability is due to improper input validation for specific HTTP requests [1]. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root [1]. The WebDialer service must be enabled for exploitation, and it is disabled by default [1].
What the fix does
Cisco has released software updates that address this vulnerability. The advisory indicates that customers should upgrade to fixed software releases such as 14SU6 for version 14 or 15SU5 (September 2026) or COP1 for version 15 [1]. There are no workarounds that address this vulnerability, but disabling the WebDialer service can serve as a mitigation until a patch can be applied [1].
Preconditions
- config: The WebDialer service must be enabled on the affected device.
- auth: The attacker is unauthenticated.
- network: The attacker is remote.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 1
News mentions: 1
- [1] Cisco Discloses Three Vulnerabilities: SSRF, XSS, and Arbitrary File Load (Vypr Intelligence, Jun 3, 2026)