
Attackers exploit Cisco Unified CM flaw weeks after patch release
A critical Cisco Unified CM vulnerability is now under active exploitation, weeks after the company issued patches warning it could allow attackers to gain root access.
Threat intelligence firm Defused reported the exploitation on June 23. The company said it observed the activity over the weekend.
“This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys,” Defused said on X.
The flaw is tracked as CVE-2026-20230 and carries a CVSS base score of 8.6. Cisco published the advisory and patches on June 3, when it stated it was not aware of any malicious use of the vulnerability at the time of disclosu...