The bottom line: Cisco warns of critical Unified CM flaw with public exploit code – immediate patch prioritization required.
Cisco has released security updates for a critical vulnerability in Unified Communications Manager (Unified CM) that enables attackers to gain root access to affected systems. Exploit code is already publicly available.
Cisco rates the Unified CM vulnerability as critical (CVSS score in the critical range) and has provided updates. It allows authenticated or unauthenticated attackers to access the system with root privileges – enabling immediate system takeover.
For CISOs, this is a high priority in patch planning: Unified CM is a central communication system in many enterprise environments and is often a critical single point of failure. The availability of proof-of-concept code significantly increases the risk of rapid exploitation by threat actors.
The recommendation is to immediately inventory affected Unified CM instances, deploy available patches, and prioritize patch management for this system. Interim measures such as network segmentation and monitoring for suspicious activity should be implemented in parallel.
Source: www.bleepingcomputer.com · Published June 4, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.2.9.