Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun exploiting a critical security vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The flaw, identified as CVE-2026-20230 with a CVSS score of 8.6, stems from improper input validation in certain HTTP requests. This allows an unauthenticated, remote attacker to write arbitrary files to the underlying operating system, potentially leading to root-level access. A proof-of-concept (PoC) exploit was publicly released on March 10, 2026, detailing the file-write path that enables this escalation. Cisco's advisory, published on March 12, 2026, confirms the vulnerability and notes that it affects specific versions of Unified CM and Unified CM SME. The company has not yet released a patch but is working on a permanent fix. In the interim, Cisco recommends implementing specific firewall rules to block HTTP access to the affected interfaces as a mitigation strategy. Exploitation of this vulnerability could allow attackers to compromise the entire communication infrastructure managed by the affected Cisco products, leading to service disruption, data exfiltration, or further network intrusion.