{"id":206806,"date":"2026-01-21T17:16:00","date_gmt":"2026-01-21T22:16:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/21\/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks\/"},"modified":"2026-01-26T19:05:18","modified_gmt":"2026-01-27T00:05:18","slug":"cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/21\/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks\/","title":{"rendered":"Cisco fixes Unified Communications RCE zero day exploited in attacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks\/\">Cisco fixes Unified Communications RCE zero day exploited in attacks<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-21 17:16:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as\u00a0CVE-2026-20045, that has been actively exploited as a zero-day in\u00a0attacks.<\/p>\n<p>Tracked as CVE-2026-20045, the flaw impacts Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM &#038; Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance.<\/p>\n<p>&#8220;This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device,&#8221; warns Cisco&#8217;s advisory.<\/p>\n<p> <img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/c\/w\/wiz\/AI-Data-Security-970x250.png\" alt=\"Wiz\" style=\"margin-top: 0px;\"\/><\/p>\n<p>&#8220;A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to\u00a0root.&#8221;<\/p>\n<p>While the vulnerability has a CVSS score of 8.2, Cisco assigned it a Critical severity rating, as exploitation leads to root access on servers.<\/p>\n<p>Cisco has released the following software updates and patch files to address the vulnerability:<\/p>\n<p><strong>Cisco Unified CM, Unified CM IM&#038;P, Unified CM SME, and Webex Calling Dedicated Instance Release:<\/strong><\/p>\n<p><strong>Cisco Unity Connection Release:<\/strong><\/p>\n<p>The company says the patches are version specific, so the\u00a0README should be reviewed before applying patches.<\/p>\n<p>Cisco&#8217;s Product Security Incident Response Team (PSIRT) has confirmed that attempts to exploit the flaw have\u00a0been observed in the wild, urging customers to upgrade to the latest software as soon as possible.<\/p>\n<p>The company\u00a0also said there are no workarounds that can mitigate the flaw without installing updates.<\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) Catalog and given federal agencies until February 11, 2026, to deploy updates.<\/p>\n<p>Earlier this month, Cisco patched a\u00a0Identity Services Engine (ISE) vulnerability with public proof-of-concept&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco fixes Unified Communications RCE zero day exploited in attacks https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks\/ Publish Date: 2026-01-21 17:16:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":206807,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2024\/07\/18\/Cisco.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,27],"class_list":["post-206806","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206806"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=206806"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206806\/revisions"}],"predecessor-version":[{"id":206808,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206806\/revisions\/206808"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/206807"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=206806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=206806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=206806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}