Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)

2026-06-24 14:06

CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “Our honeypots are seeing automated sweeps dropping webshells, all via Tor,” threat intelligence firm Defused warned today, after observing initial attacks over the weekend. “The observed chain abuses the WebDialer SSRF to deploy a rogue Apache Axis service, uses that service to write a first-stage … More →

The post Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230) appeared first on Help Net Security.

This article has been indexed from Help Net Security

Read the original article:

Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)

← Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage

Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed →

Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)

Read the original article:

Like this:

Related

Read the original article:

Share this:

Like this:

Related

Post navigation