{"id":180470,"date":"2026-01-21T23:06:00","date_gmt":"2026-01-22T04:06:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/21\/cisco-fixes-actively-exploited-zero-day-cve-2026-20045-in-unified-cm-and-webex\/"},"modified":"2026-01-22T01:20:11","modified_gmt":"2026-01-22T06:20:11","slug":"cisco-fixes-actively-exploited-zero-day-cve-2026-20045-in-unified-cm-and-webex","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/21\/cisco-fixes-actively-exploited-zero-day-cve-2026-20045-in-unified-cm-and-webex\/","title":{"rendered":"Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/cisco-fixes-actively-exploited-zero-day.html\">Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/cisco-fixes-actively-exploited-zero-day.html\">https:\/\/thehackernews.com\/2026\/01\/cisco-fixes-actively-exploited-zero-day.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-21 23:06:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n\ue804Ravie Lakshmanan\ue802Jan 22, 2026Vulnerability \/ Zero-Day<br \/>\nCisco has released fresh patches to address what it described as a &#8220;critical&#8221; security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild.<br \/>\nThe vulnerability, CVE-2026-20045 (CVSS score: 8.2), could permit an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system of a susceptible device.<br \/>\n&#8220;This vulnerability is due to improper validation of user-supplied input in HTTP requests,&#8221; Cisco said in an advisory. &#8220;An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.&#8221;<\/p>\n<p>The critical rating for the flaw is due to the fact that its exploitation could allow for privilege escalation to root, it added. The vulnerability impacts the following products &#8211;<\/p>\n<p>Unified CM<br \/>\nUnified CM Session Management Edition (SME)<br \/>\nUnified CM IM &#038; Presence Service (IM&#038;P)<br \/>\nUnity Connection<br \/>\nWebex Calling Dedicated Instance<\/p>\n<p>It has been addressed in the following versions &#8211;<br \/>\nCisco Unified CM, CM SME, CM IM&#038;P, and Webex Calling Dedicated Instance &#8211;<\/p>\n<p>Release 12.5 &#8211; Migrate to a fixed release<br \/>\nRelease 14 &#8211; 14SU5 or apply patch file: ciscocm.V14SU4a_CSCwr21851_remote_code_v1.cop.sha512<br \/>\nRelease 15 &#8211; 15SU4 (Mar 2026) or apply patch file: ciscocm.V15SU2_CSCwr21851_remote_code_v1.cop.sha512 or ciscocm.V15SU3_CSCwr21851_remote_code_v1.cop.sha512<\/p>\n<p>Cisco Unity Connection <\/p>\n<p>Release 12.5 &#8211; Migrate to a fixed release<br \/>\nRelease 14 &#8211; 14SU5 or apply patch file: ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512<br \/>\nRelease 15 &#8211; 15SU4 (Mar 2026) or apply patch file: ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512<\/p>\n<p>The networking equipment major also said it&#8217;s &#8220;aware of attempted exploitation of this vulnerability in the wild,&#8221; urging customers to upgrade to a fixed software release to address the issue. There are currently no workarounds. An anonymous external researcher has been credited with discovering and reporting the bug.<br \/>\nThe development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by February 11, 2026.<br \/>\nThe discovery of CVE-2026-20045 comes less than a week after Cisco released updates for another actively exploited critical security vulnerability affecting AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager (CVE-2025-20393, CVSS score: 10.0) that could permit an attacker to execute arbitrary commands with root privileges.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex https:\/\/thehackernews.com\/2026\/01\/cisco-fixes-actively-exploited-zero-day.html Publish Date: 2026-01-21&#8230;<\/p>\n","protected":false},"author":1,"featured_media":180471,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHOCMXq3WVtmcL9apl3XWrlOoAeRxJ2kZf_37YNtvg2oaO5wVX4zD-vOckg8TzcAeNUDKe0CpwaIvMz_9RQ0Lx-2sD5Jdz4rF7TxN74zZdq6lWOzfF3PdsYvmUy9CDqB9MxFV1leIxvXTuYYajixMcaQJLFGLGsLyfX7wdp9hkENDvdJqW6Y_hRlT6PnBk\/s1600-e365\/cisco-patch.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-180470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180470"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=180470"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180470\/revisions"}],"predecessor-version":[{"id":180472,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180470\/revisions\/180472"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/180471"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=180470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=180470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=180470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}