Cisco Unified Communications Manager
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*
A server-side request forgery (SSRF) vulnerability has been identified in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability is due to improper input validation of certain HTTP requests. An unauthenticated, remote attacker could exploit it by sending crafted HTTP requests to an affected device; a successful exploit could allow the attacker to write files to the underlying operating system and escalate privileges to root. Exploitation requires the WebDialer service to be enabled, and it is disabled by default.
Impact: a successful exploit could allow the attacker to perform server-side request forgery against the device, write files to the underlying operating system, and escalate privileges to root.
Cisco has released software updates that address this vulnerability, and administrators are advised to upgrade to the fixed releases listed in the advisory. For Unified CM and Unified CM SME version 14, the first fixed release is 14SU6. For version 15, the first fixed release is 15SU5 (available September 2026); until then, a version-specific COP patch is available. Cisco also provides instructions for disabling the WebDialer service. Because exploitation requires WebDialer to be enabled, disabling it removes the attack surface, but it should be treated as a temporary mitigation only, not as a substitute for the upgrade, and any deployment that depends on WebDialer (click-to-dial from directories or web applications) loses that function while the service is stopped.
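A triage helper for the remediation guidance above, added here as an example and not code from Cisco or the advisory. It takes the release label of a node (14SU3, 15SU2 and so on), whether the COP patch has been applied, and the text of the node's service list, and reports whether the node is patched, mitigated by a stopped WebDialer, or still exposed. The first-fixed table comes from the text above; everything else is an assumption: the `14SUn` labelling scheme, the service name `Cisco WebDialer Web Service`, and the `Name[STATE]` line format of the `utils service list` output, which is modelled after memory of the Unified CM CLI rather than taken from the advisory. The sample service listing is constructed, not captured from a device.

```python
import re
from typing import Optional, Tuple

# First fixed SU per major release, as stated in the advisory summary above.
# 15SU5 is not shipping yet; a node on 15 is only "fixed" via the COP patch.
FIRST_FIXED_SU = {14: 6, 15: 5}

# Assumed service name as it appears in the Unified CM service list.
WEBDIALER_SERVICE = "Cisco WebDialer Web Service"

# Constructed sample of `utils service list` style output (assumed Name[STATE] format).
SAMPLE_SERVICE_LIST = """\
Cisco Tomcat[STARTED]
Cisco CallManager[STARTED]
Cisco WebDialer Web Service[STARTED]
Cisco Extended Functions[STOPPED]
"""


def parse_release(label: str) -> Optional[Tuple[int, int]]:
    """Parse '14SU3' / '15' into (major, su); a bare major means SU0.
    Returns None for anything that does not fit the assumed scheme."""
    m = re.fullmatch(r"\s*(\d+)(?:SU(\d+))?\s*", label, re.IGNORECASE)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def is_fixed(label: str, cop_applied: bool = False) -> Optional[bool]:
    """True if the release is at or past the first fixed SU (or the COP patch is on),
    False if it is an affected train below the fix, None if the train is not
    covered by the summary above (check the advisory's own table)."""
    if cop_applied:
        return True
    parsed = parse_release(label)
    if parsed is None or parsed[0] not in FIRST_FIXED_SU:
        return None
    major, su = parsed
    return su >= FIRST_FIXED_SU[major]


def webdialer_running(service_list: str) -> Optional[bool]:
    """Scan Name[STATE] lines for the WebDialer service.
    True if STARTED, False if any other state, None if the service is not listed."""
    for line in service_list.splitlines():
        m = re.fullmatch(r"\s*(.+?)\s*\[(\w+)\]\s*", line)
        if m and m.group(1) == WEBDIALER_SERVICE:
            return m.group(2).upper() == "STARTED"
    return None


def triage(label: str, service_list: str, cop_applied: bool = False) -> str:
    """Combine the version check and the mitigation check into one verdict."""
    fixed = is_fixed(label, cop_applied)
    if fixed is True:
        return "patched"
    running = webdialer_running(service_list)
    if fixed is None:
        return "unknown-train"          # not 14 or 15: consult the full advisory
    if running is False:
        return "mitigated"              # WebDialer stopped: attack surface removed, still upgrade
    if running is True:
        return "exposed"                # affected release and WebDialer started
    return "unknown-service-state"      # WebDialer not in the listing: inspect the node


if __name__ == "__main__":
    for rel, cop in (("14SU5", False), ("14SU6", False), ("15SU2", False), ("15SU2", True)):
        print(rel, "cop" if cop else "no-cop", "->", triage(rel, SAMPLE_SERVICE_LIST, cop))
```

The verdict "mitigated" is deliberately distinct from "patched": a stopped WebDialer can be started again by any administrator, so the node should stay on the upgrade list. A bare major such as "15" is treated as SU0, and unrecognised labels fall through to "unknown-train" rather than being guessed as safe.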