
CVE‑2026‑20045 is a critical zero‑day vulnerability impacting multiple Cisco Unified Communications products and Webex Calling Dedicated Instances. Successful exploitation allows an unauthenticated attacker to achieve remote code execution. Continue reviewing this Cybersecurity Threat Advisory to learn how to mitigate your risk from this zero‑day vulnerability.
What is the threat?
CVE‑2026‑20045 arises from improper validation of HTTP input, allowing an attacker to execute arbitrary commands on affected devices. Attackers are actively exploiting multiple Cisco Unified Communications products, including Unified CM, Unified CM SME, Unified CM IM&P, Unity Connection, and Webex Calling Dedicated Instances.
An attacker can exploit this vulnerability by sending a sequence of specially crafted HTTP requests to the web‑based management interface of a vulnerable device. This leads to unauthenticated remote code execution, potentially giving the attacker root‑level access to the underlying system.
Cisco has released security updates to address the vulnerability and is urging all users to immediately apply a fixed software release. There are currently no known workarounds, making timely patching essential to reducing risk.
Why is it noteworthy?
This vulnerability affects a wide range of Cisco Unified Communications products and Webex Calling Dedicated Instances—systems many organizations rely on for mission‑critical voice, collaboration, and contact center operations. The combination of high impact, active exploitation, and broad deployment significantly elevates the overall risk. Its inclusion in the Known Exploited Vulnerabilities (KEV) catalog highlights its severity, and the catalog mandates that Federal Civilian Executive Branch (FCEB) agencies apply fixes by February 11, 2026. This urgent deadline underscores the potential for widespread impact across government environments and the private sector alike.
What is the exposure or risk?
Attackers can gain initial access through exposed web interfaces, execute arbitrary commands using crafted HTTP requests, and escalate privileges to root. From there, they may move laterally, evade detection, establish persistence, and potentially cause data theft or disrupt critical UC services.
What are the recommendations?
Barracuda recommends the following actions to secure your network systems against this threat:
- Upgrade affected Cisco Unified Communications products to fixed releases, specifically version 14SU5 or version 15SU4, as there are no viable workarounds for this vulnerability.
- Decommission legacy deployments still running version 12.5.
- Limit access to management interfaces to authorized personnel only and ensure these interfaces are not exposed to the public internet.
- Implement network segmentation and isolate unified communications infrastructure from the corporate network to prevent lateral movement in the event of a compromise.
- Monitor for signs of exploitation, such as unusual root-level activity or unauthorized configuration changes, particularly on devices that were exposed before patching.
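As a way to turn the recommendations above into a patch queue, the following added example (not part of the original advisory and not Cisco or Barracuda code) triages an inventory against the fixed releases named above. The host names, CSV columns and the "14SU5"-style release labels are assumptions, and it assumes a later SU on the same train also contains the fix.

```python
import csv
import io
import re

FIXED_SU = {14: 5, 15: 4}   # fixed releases named in the advisory: 14SU5, 15SU4
LEGACY_TRAIN = "12.5"       # advisory recommendation: decommission

# Constructed sample inventory; hosts and column names are hypothetical.
SAMPLE_INVENTORY = """host,product,release,mgmt_internet_exposed
cucm-pub-01,Unified CM,14SU3,yes
cucm-sub-02,Unified CM,14SU5,no
cuc-01,Unity Connection,15,no
imp-01,Unified CM IM&P,15SU4,no
cucm-old-01,Unified CM,12.5SU9,yes
sme-01,Unified CM SME,14 su4,no
lab-01,Unified CM,unknown,no
"""

# Accepts "14SU3", "14 su4", "15" (no SU = base release), "12.5SU9".
RELEASE_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*(?:SU\s*(\d+))?\s*$", re.IGNORECASE)

def classify(release):
    """Return 'ok', 'upgrade', 'decommission' or 'review' for a release label."""
    m = RELEASE_RE.match(release)
    if not m:
        return "review"                      # unparseable: check by hand
    train, su = m.group(1), int(m.group(2) or 0)
    if train == LEGACY_TRAIN:
        return "decommission"
    fixed = FIXED_SU.get(int(train)) if train.isdigit() else None
    if fixed is None:
        return "review"                      # train not covered by the advisory
    return "ok" if su >= fixed else "upgrade"

def triage(inventory_csv):
    """Sort hosts so unfixed, internet-exposed management interfaces come first."""
    rows = []
    for r in csv.DictReader(io.StringIO(inventory_csv)):
        action = classify(r["release"])
        exposed = r["mgmt_internet_exposed"].strip().lower() == "yes"
        # P0: exposed and not fixed; P1: not fixed; P2: on a fixed release.
        priority = 2 if action == "ok" else (0 if exposed else 1)
        rows.append((priority, r["host"], action, exposed))
    return sorted(rows)

if __name__ == "__main__":
    for priority, host, action, exposed in triage(SAMPLE_INVENTORY):
        print(f"P{priority} {host:12} {action:13} exposed={exposed}")
```

Hosts that land in P0 are the ones the monitoring recommendation singles out: they were reachable before patching, so review them for signs of compromise as well as upgrading them.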
References
For more in-depth information about the recommendations, please visit the following links:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
- https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html
- https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://nvd.nist.gov/vuln/detail/CVE-2026-20045
- https://securityaffairs.com/187177/security/cisco-fixed-actively-exploited-unified-communications-zero-day.html
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.

