Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-20045

Опубликовано: 21 янв. 2026
Источник: nvd
CVSS3: 8.2
CVSS3: 9.8
EPSS Низкий

Описание

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. 

This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that expl

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*
Версия от 12.5 (включая) до 14su5 (исключая)
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
Версия от 12.5 (включая) до 14su5 (исключая)
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*
Версия от 15.0 (включая) до 15su3a (включая)
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
Версия от 15.0 (включая) до 15su3a (включая)
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*
Версия от 12.5 (включая) до 14su5 (исключая)
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*
Версия от 15.0 (включая) до 15su3a (включая)
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
Версия от 12.5 (включая) до 14su5 (исключая)
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
Версия от 15.0 (включая) до 15su3 (включая)

EPSS

Процентиль: 78%
0.01101
Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

github логотип

GHSA-h4w3-hxw6-99q7

CVSS3: 8.2
github
13 дней назад

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that expl...

fstec логотип

BDU:2026-00706

CVSS3: 9.8
fstec
14 дней назад

Уязвимость веб-интерфейса управления системы обработки вызовов Cisco Unified Communications Manager, систем управления IP-телефонией Cisco Unified Communications Manager Session Management Edition (SME), системы обработки вызовов Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), интегрированной системы обмена сообщениями Cisco Unity Connection, облачной платформы для веб-конференцсвязи Cisco Webex Calling Dedicated Instance, позволяющая нарушителю выполнить произвольные команды и повысить свои привилегии до уровня root

EPSS

Процентиль: 78%
0.01101
Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-94