Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
High Severity Vulnerability in Cisco Products

High Severity Vulnerability in Cisco Products

23 January 2026

Cisco has released security updates to address a high severity vulnerability in their products. Users and administrators of affected products are advised to update to the latest version immediately.

Background

Cisco has released security updates to address a high severity vulnerability (CVE-2026-20045) in their Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM & Presence, Unity Connection, and Webex Calling Dedicated Instance.

Impact

Successful exploitation of the vulnerability could allow an unauthenticated attacker to send maliciously crafted HTTP requests to the vulnerable product, gaining user-level access and potentially escalating to root privileges.

Affected Products

The vulnerability affects the following product versions:

  • Cisco Unified CM version 12.5, 14 and 15

  • Cisco Unified CM SME version 12.5, 14 and 15

  • Cisco Unified CM IM&P version 12.5, 14 and 15

  • Cisco Unity Connection version 12.5, 14 and 15

  • Cisco Webex Calling Dedicated Instance version 12.5, 14 and 15

Known Exploitation

The vulnerability is reportedly being exploited in the wild.

Mitigation

Users and administrators of affected products are advised to update to the latest version immediately.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

https://www.bleepingcomputer.com/news/security/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks/

https://www.cisa.gov/news-events/alerts/2026/01/21/cisa-adds-one-known-exploited-vulnerability-catalog

Back to top