Cisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption.
Cisco released patches for multiple high‑severity vulnerabilities affecting its enterprise products. Successful exploitation could allow code execution, server‑side request forgery (SSRF), or denial‑of‑service attacks. Two notable flaws, CVE‑2026‑20034 and CVE‑2026‑20035, impact Cisco Unity Connection. Attackers can exploit them to trigger SSRF attacks.
“Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device.” reads the advisory published by Cisco.
CVE‑2026‑20034 is a flaw in Cisco Unity Connection that allows an authenticated remote attacker to run arbitrary root‑level code on the device. The issue stems from improper validation of user input, letting an attacker send a crafted API request to fully compromise the system. Cisco has released fixes, and no workarounds exist.
“This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request.” reads the advisory. “A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.”
CVE-2026-20035 flaw in Cisco Unity Connection Web Inbox UI allows an unauthenticated remote attacker to perform SSRF attacks. The issue comes from improper validation of certain HTTP requests. By sending a crafted request, an attacker could make the device send arbitrary network traffic on their behalf, potentially accessing internal services.
“A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.” reads the advisory.
“This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.”
Below are the impacted releases:
| Cisco Unity Connection Release | First Fixed Release |
|---|---|
| 12.5 and earlier | Migrate to a fixed release. |
| 14.0 | 14SU5 |
| 15.0 | 15SU4 or apply patch file:1 ciscocm.cuc.V15_CSCwq36774-CSCwq36834_C0277-1.zip |
Cisco PSIRT said it is not aware of any public reports or active malicious exploitation of these vulnerabilities.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Unity Connection)
Source: SecurityAffairs
Source Link: https://securityaffairs.com/191808/breaking-news/cisco-patches-high-severity-flaws-enabling-ssrf-code-execution-attacks.html