Cisco Unified CM Vulnerability Grants Root Access

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Cisco Unified Communications Manager and PTC Windchill and FlexPLM software. These flaws affect specific versions including Cisco Unified CM 14.x and 15.x, as well as PTC Windchill and FlexPLM releases prior to 11.0 M030. The vulnerability types comprise a server-side request forgery (SSRF) issue that can lead to root access and a deserialization flaw that enables remote code execution (RCE). Given the deep integration of these products within enterprise networks, successful exploitation presents severe business risks, including full system compromise and significant operational disruption.[emaillocker id="1283"]

• CVE-2026-20230 – This server-side request forgery vulnerability in the WebDialer service allows an unauthenticated attacker to send a crafted HTTP request, causing the server to write files to the operating system and potentially escalate privileges to root if the service is enabled.
• CVE-2026-12569 – This deserialization flaw in PTC Windchill and FlexPLM enables a remote attacker to execute arbitrary code on the target system by sending a malicious request.

The inclusion of these vulnerabilities in the CISA Known Exploited Vulnerabilities catalog confirms active exploitation in the wild, creating an urgent and critical threat landscape. Attackers leveraging these flaws can achieve complete control over deep-seated network infrastructure, leading to severe operational downtime and potential data exfiltration. Organizations must prioritize addressing these risks immediately to safeguard business continuity and protect sensitive enterprise assets.

RECOMMENDATION:

• We recommend you to update Cisco Unified Communications Manager to version 15SU5.
• We recommend you to update PTC Windchill to version 11.0 M030.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/cisa-kev-cisco-ptc-windchill/