SB2026060401 - Pre-authenticated SSRF in Cisco Unified Communications Manager
Published: June 4, 2026 Updated: June 24, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-20230)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:N/E:A/U:Red
The vulnerability allows a remote attacker to write files to the underlying operating system.
The vulnerability exists due to server-side request forgery in the WebDialer service when it handles crafted HTTP requests. A remote attacker can send such a request to write files to the underlying operating system.
Only instances with the WebDialer service enabled are vulnerable. The written files could be used later to elevate privileges to root.
Remediation
Install the update from the vendor's website.