| This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. NOTE: In an effort to reduce duplicate emails, if you currently receive cybersecurity advisories direct from the MS-ISAC, please let us know by responding to this email. |
| A vulnerability has been discovered in Cisco products. Cisco Unified Communications Manager (Unified CM)/Cisco Unified Communications Manager Session Management Edition (Unified CM SME) is Cisco’s central, software-based call control and session management platform for enterprise communication. Successful exploitation of this vulnerability could allow for Server-Side Request Forgery, where an attacker could write files to the underlying operating system that could be used later to elevate to root. Depending on the location the attacker is able to write files to, they may be able to execute commands or remotely access the affected device. |
| Threat Intelligence |
| There are currently no reports of these vulnerabilities being exploited in the wild. However, proof of concept code appears to exist publicly. |
| Systems Affected |
| Cisco Unified Communications Manager and Session Management Edition 14 prior to 14SU Cisco Unified Communications Manager and Session Management Edition15 prior to 15SU5 (Sep 2026) or COP |
| Risk |
| Government: – Large and medium government entities: Medium – Small government entities: Medium |
| Businesses: – Large and medium business entities: Medium – Small business entities: Medium |
| Home Users: N/A |
| Recommendations |
| Apply appropriate updates provided by Cisco or other vendors which use this software to vulnerable systems immediately after appropriate testing. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Use vulnerability scanning to find potentially exploitable software vulnerabilities to remediate them. Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. |
| References |