- Cisco Unified Communications Manager and Cisco Unified Communications Manager SME Release 14 prior to 14SU6
- Cisco Unified Communications Manager and Cisco Unified Communications Manager SME Release 15 prior to 15SU5 (Sep 2026) or COP
Note: The vulnerability is exploitable only on systems with the WebDialer service enabled (it is disabled by default).
A vulnerability has been reported in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) that could allow an unauthenticated, remote attacker to conduct Server-Side Request Forgery (SSRF) attacks and potentially gain root-level privileges on the affected system.
Target Audience:
All IT administrators, network administrators, VoIP administrators, and individuals responsible for maintaining Cisco Unified Communications infrastructure.
Risk Assessment:
Critical risk of unauthenticated remote exploitation leading to privilege escalation.
Impact Assessment:
Potential for unauthorised root privilege access.
The information provided herein is on an "as is" basis, without warranty of any kind.