Cisco Systems has confirmed that attackers are actively exploiting a vulnerability in Cisco Unified Communications Manager (Unified CM) in the wild. The company detected the first exploitation attempts last week, shortly after a proof-of-concept exploit became publicly available following the vulnerability's disclosure.
Cisco Unified Communications Manager is an enterprise call-processing system widely deployed in corporate environments for voice, video, and messaging services. The affected software serves as the backbone for many organizations' internal and external communication infrastructure, making it a high-value target for attackers seeking to compromise business communications or gain network access.
The vulnerability became practical to exploit immediately after public disclosure, when researchers released proof-of-concept code demonstrating how to trigger the flaw. This rapid transition from disclosure to active exploitation highlights the compressed timeline security teams face when responding to newly revealed vulnerabilities. Attackers monitored the disclosure and quickly weaponized the available exploit code to scan for and compromise vulnerable systems.
Organizations running Cisco Unified CM face potential risks including unauthorized access to communication systems, interception of voice and video traffic, and possible lateral movement within corporate networks. The exploitation could allow attackers to disrupt business communications, steal sensitive information transmitted through the platform, or use compromised systems as entry points for broader network intrusions.
Cisco has released security patches to address the vulnerability. Organizations should immediately identify all Cisco Unified CM deployments in their environment, prioritize patching based on exposure and criticality, and review system logs for indicators of compromise. Security teams should also implement network segmentation to limit potential damage if systems are already compromised, and monitor for unusual activity on communication platforms until patches are fully deployed.
Source: https://www.securityweek.com/cisco-confirms-in-the-wild-exploitation-of-unified-cm-vulnerability/


