The affected products, Cisco Unified CM and Unified CM SME, are core components of enterprise telephony infrastructure, widely deployed across government agencies, financial institutions, and large corporations to manage voice, video, and messaging at scale.
A flaw in these systems could allow attackers to compromise an organization’s communications, letting them log in remotely with full administrative control to potentially intercept calls, plant backdoors, and disrupt critical services.
Cisco shares tricks to spot exploitation
Cisco said in the advisory that it hasn’t observed any exploitation in the wild, but it has provided a method for customers to detect compromises. Successful logins via the root account would leave traces in system logs located at ‘/var/log/active/syslog/secure’, it said.
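The check described above, sketched as an added example (not Cisco's tooling and not code from the advisory): it scans an exported copy of the secure log for successful root logins and root sessions. The line formats are assumed to be the standard OpenSSH and PAM messages, and the sample lines, hostname and addresses are constructed.

```python
import re
from collections import Counter

# Assumed message shapes: standard OpenSSH / PAM syslog lines.
# The article does not show the log format, so adjust these to the real file.
ACCEPTED = re.compile(
    r"sshd(?:\[\d+\])?:\s+Accepted (?P<method>\S+) for root from (?P<src>\S+) port \d+")
SESSION = re.compile(
    r"pam_unix\((?P<svc>[\w-]+):session\): session opened for user root\b")
TIMESTAMP = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})")

def find_root_logins(lines):
    """Return one record per line that shows a successful root login or session."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        ts = TIMESTAMP.match(line)
        when = ts.group("ts") if ts else None
        m = ACCEPTED.search(line)
        if m:  # authentication succeeded; the source address is available
            hits.append({"line": lineno, "time": when, "kind": "accepted",
                         "detail": m.group("method"), "source": m.group("src")})
            continue
        m = SESSION.search(line)
        if m:  # PAM opened a root session (no address on this line)
            hits.append({"line": lineno, "time": when, "kind": "session",
                         "detail": m.group("svc"), "source": None})
    return hits

def sources(hits):
    """Count successful root logins per source address for triage."""
    return Counter(h["source"] for h in hits if h["source"])

# Constructed sample standing in for /var/log/active/syslog/secure.
SAMPLE_LOG = """\
Jul  2 09:14:01 cucm-pub sshd[4121]: Failed password for root from 198.51.100.23 port 50112 ssh2
Jul  2 09:14:09 cucm-pub sshd[4125]: Accepted password for root from 198.51.100.23 port 50120 ssh2
Jul  2 09:14:09 cucm-pub sshd[4125]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul  2 09:20:44 cucm-pub sshd[4190]: Accepted password for admin from 192.0.2.10 port 41822 ssh2
Jul  2 09:20:44 cucm-pub sshd[4190]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jul  2 09:31:57 cucm-pub sshd[4125]: pam_unix(sshd:session): session closed for user root
""".splitlines()

if __name__ == "__main__":
    for hit in find_root_logins(SAMPLE_LOG):
        print(hit)
```

Failed attempts, other accounts and session-close lines are ignored on purpose, so any record returned is a lead worth investigating.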