Cisco Unified Communications Manager SSRF to Root Privilege Escalation via WebDialer (CVE-2026-20230)
Scope: Cisco Unified CM and Unified CM SME (All Versions with WebDialer Enabled)
Severity: Red
A critical server-side request forgery (SSRF) vulnerability (CVSS 8.6, Cisco Security Impact Rating: Critical) in the WebDialer service of Cisco Unified Communications Manager allows an unauthenticated remote attacker to send crafted HTTP requests that cause the server to write arbitrary files to the underlying Linux operating system; those files can then be used to escalate privileges to root. Public proof-of-concept exploit code now exists. Cisco has confirmed that there is no workaround other than disabling the WebDialer service itself. WebDialer is disabled by default, but it is commonly enabled in enterprise VoIP deployments, so the default should not be assumed to apply. Organizations should immediately verify the status of the Cisco WebDialer Web Service in Cisco Unified Serviceability (Tools, Control Center - Feature Services), deactivate it wherever it is not operationally required, and upgrade to Unified CM 14SU6 or apply the available COP interim patches; the fixed 15 release, 15SU5, is scheduled for September 2026.
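The check in Serviceability confirms the service state on one node at a time. A network-side inventory of which cluster nodes still answer on the WebDialer servlet path is a quick way to find forgotten deployments across an estate. The script below is an added example, written for this advisory; it is not CERT.UG/CC or Cisco code. It assumes the documented servlet URL `https://<node>:8443/webdialer/Webdialer`, that an HTTP 200 from that path means the servlet is deployed and answering while 404 or 503 means it is not deployed or stopped (any other code is reported as inconclusive), and that the node's self-signed Tomcat certificate should not block a reachability check. The example host name is a placeholder.

```python
"""Fleet check: does a Cisco Unified CM node still answer on the WebDialer servlet path?

Added example, not CERT.UG/CC or Cisco code. Assumptions:
- WebDialer is served by Cisco Tomcat at https://<node>:8443/webdialer/Webdialer
  (the URL Cisco documents for the WebDialer servlet).
- HTTP 200 from that path = servlet deployed and answering ("exposed");
  404/503 = not deployed or not running ("absent"); anything else is inconclusive.
- CUCM nodes commonly carry self-signed certificates, so TLS verification is
  disabled for this reachability check only. Do not reuse this context elsewhere.
"""
import ssl
import urllib.error
import urllib.request
from typing import Iterable, List, Optional, Tuple

WEBDIALER_PATH = "/webdialer/Webdialer"


def webdialer_url(host: str, port: int = 8443) -> str:
    """Build the WebDialer servlet URL for a node (Cisco Tomcat listens on 8443)."""
    return f"https://{host}:{port}{WEBDIALER_PATH}"


def classify(status: Optional[int]) -> str:
    """Map an HTTP status (or None for no connection) to an exposure verdict.

    Assumed mapping: 200 -> exposed, 404/503 -> absent, no answer -> unreachable,
    everything else -> inconclusive (confirm in Serviceability).
    """
    if status is None:
        return "unreachable"
    if status == 200:
        return "exposed"
    if status in (404, 503):
        return "absent"
    return "inconclusive"


def probe(host: str, timeout: float = 5.0) -> Tuple[Optional[int], str]:
    """GET the servlet path once and return (http_status, verdict)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # self-signed certs are the norm on CUCM
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        webdialer_url(host),
        method="GET",
        headers={"User-Agent": "webdialer-exposure-check/1.0"},
    )
    status: Optional[int]
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            status = resp.status
    except urllib.error.HTTPError as e:   # 4xx/5xx still tells us something
        status = e.code
    except (urllib.error.URLError, OSError):  # DNS failure, refused, timeout
        status = None
    return status, classify(status)


def report(hosts: Iterable[str]) -> List[Tuple[str, Optional[int], str]]:
    """Probe every host and collect (host, status, verdict) rows."""
    return [(h, *probe(h)) for h in hosts]


if __name__ == "__main__":
    import sys
    # Placeholder node name; pass real cluster nodes on the command line.
    targets = sys.argv[1:] or ["cucm-pub.example.internal"]
    for node, code, verdict in report(targets):
        print(f"{node:40s} {str(code):>5s}  {verdict}")
```

Any node reported as exposed should be confirmed in Cisco Unified Serviceability and either deactivated or patched; an absent or unreachable result is not proof that the node is fixed, since it says nothing about the installed Unified CM version or COP level.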
The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.