Week 4 – Actively Exploited Zero-Day RCE Hits Cisco Unified CM and Webex Calling

12 – 18 Jan 2026
This week’s CVE of the Week is the recent remote code execution vulnerability in Cisco’s Unified Communications (CM) products and Webex Calling Dedicated Instance, which has been actively exploited as a zero-day.
This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical, rather than the High rating that the CVSS score of 8.2 would indicate.
Affected products, regardless of device configuration:
- Unified CM (CSCwr21851)
- Unified CM SME (CSCwr21851)
- Unified CM IM&P (CSCwr29216)
- Unity Connection (CSCwr29208)
- Webex Calling Dedicated Instance (CSCwr21851)
Released patches:
Cisco Unified CM, CM SME, CM IM&P, and Webex Calling Dedicated Instance:
- Release 12.5 – Migrate to a fixed release
- Release 14 – 14SU5 or apply patch file: ciscocm.V14SU4a_CSCwr21851_remote_code_v1.cop.sha512
- Release 15 – 15SU4 (Mar 2026) or apply patch file: ciscocm.V15SU2_CSCwr21851_remote_code_v1.cop.sha512 or ciscocm.V15SU3_CSCwr21851_remote_code_v1.cop.sha512
Cisco Unity Connection:
- Release 12.5 – Migrate to a fixed release
- Release 14 – 14SU5 or apply patch file: ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512
- Release 15 – 15SU4 (Mar 2026) or apply patch file: ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512
Note that patches are version-specific. Consult the README attached to the patch for more details.
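To turn the patch list above into a per-node action for an inventory, the following added example (not Cisco's or the original article's code) maps a product and release label to "fixed", "patch", "upgrade" or "migrate". The product labels `cm` and `cuc`, the release label format (for example `14SU4a`) and the rule that a Unified CM COP file applies only to the release named in its filename are assumptions; confirm against the README attached to each patch.

```python
import re

# Remediation data transcribed from the advisory text above.
FIXED_SU = {14: 5, 15: 4}  # first fixed Service Update per release (15SU4 due Mar 2026)
CM_COPS = {                # Unified CM, CM SME, CM IM&P, Webex Calling Dedicated Instance
    "14SU4a": "ciscocm.V14SU4a_CSCwr21851_remote_code_v1.cop.sha512",
    "15SU2": "ciscocm.V15SU2_CSCwr21851_remote_code_v1.cop.sha512",
    "15SU3": "ciscocm.V15SU3_CSCwr21851_remote_code_v1.cop.sha512",
}
CUC_COP = "ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512"  # Unity Connection 14 and 15

def triage(product, release):
    """Return (action, detail). product is 'cm' or 'cuc' (labels assumed here)."""
    m = re.fullmatch(r"(12\.5|14|15)(?:SU(\d+)([a-z]?))?", release.strip(), re.I)
    if not m:
        return ("unknown", "release not listed in the advisory text")
    if m.group(1) == "12.5":
        return ("migrate", "no patch for 12.5; migrate to a fixed release")
    major, su = int(m.group(1)), int(m.group(2) or 0)
    if su >= FIXED_SU[major]:
        return ("fixed", f"{major}SU{FIXED_SU[major]} or later")
    if product == "cuc":
        return ("patch", CUC_COP)
    # Assumption: a Unified CM COP only installs on the exact SU in its filename.
    label = f"{major}SU{su}{m.group(3).lower()}" if su else str(major)
    if label in CM_COPS:
        return ("patch", CM_COPS[label])
    return ("upgrade", f"no COP listed for {label}; move to a patchable SU "
                       f"or to {major}SU{FIXED_SU[major]}")

if __name__ == "__main__":
    # Constructed sample inventory: (hostname, product, release label).
    inventory = [
        ("cucm-pub-01", "cm", "14SU4a"),
        ("cucm-sub-02", "cm", "14SU3"),
        ("imp-01", "cm", "15SU3"),
        ("cuc-01", "cuc", "15SU1"),
        ("cucm-legacy", "cm", "12.5"),
    ]
    for host, product, release in inventory:
        action, detail = triage(product, release)
        print(f"{host:12} {release:8} {action:8} {detail}")
```
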
To fully remediate the vulnerability, we strongly recommend upgrading to the latest software version as soon as possible, as exploitation attempts have already been observed in the wild.
For more details, please visit Cisco’s official report: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
