
Cisco Unified CM EUVD-2026-34137

CVE-2026-20230 (HIGH)
Server-Side Request Forgery (SSRF) (CWE-918)
Published 2026-06-03 · Vendor: cisco · GHSA-fcv7-pchj-75c2
CVSS 3.1 base score: 8.6 (NVD)

Severity by source

NVD (primary): 8.6 HIGH
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Primary rating from NVD; NVD is the only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: High
Availability: None

Lifecycle Timeline (2 events)

Jun 03, 2026 - 18:20: Analysis generated (vuln.today)
Jun 03, 2026 - 16:09: CVE published (nvd), rated HIGH 8.6

Description (CVE.org)

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.

Analysis (AI)

Server-side request forgery in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition allows remote unauthenticated attackers to write files to the underlying operating system via crafted HTTP requests, which Cisco notes can be leveraged to escalate to root. Cisco has assigned this a Critical Security Impact Rating despite the 8.6 CVSS score because of the root-escalation pathway. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Identify reachable Unified CM with WebDialer enabled
Delivery: Send crafted HTTP request to WebDialer endpoint
Exploit: Trigger SSRF via improper input validation
Execution: Write attacker-controlled file to underlying OS
Persist: Chain file-write into local privilege escalation
Impact: Obtain root on Unified CM host

Vulnerability Assessment (AI)

Exploitation: The WebDialer service on Cisco Unified CM or Unified CM SME must be enabled; Cisco states WebDialer is disabled by default, so only clusters where an administrator has explicitly turned on the click-to-call service are exploitable. …

Risk Assessment: Signals point in different directions and require careful interpretation. …

Exploit Scenario: An attacker on a network segment that can reach the Unified CM WebDialer HTTP interface sends a crafted HTTP request that abuses the SSRF/input-validation flaw to write a controlled file onto the Unified CM appliance's filesystem. The attacker then chains that file write into a follow-on local privilege escalation - for example by dropping a payload into a path consumed by a root-owned service - to obtain root on the Unified CM host. …

Remediation: The published Cisco Security Advisory indicates that a patch is available, but no exact fixed version is included in the input data, so administrators should consult https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW for the fixed Unified CM and Unified CM SME release numbers and upgrade accordingly. …

Recommended Action (AI)

Within 24 hours: inventory all Unified CM deployments and confirm whether the WebDialer service is enabled; disable it immediately if operationally feasible. …

EUVD-2026-34137 vulnerability details – vuln.today
