Cisco Products Multiple Vulnerabilities

Release Date: 22 Jan 2026

RISK: Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, remote code execution and elevation of privilege on the targeted system.

 

Note:

CVE-2026-20045 is being exploited in the wild. Due to improper validation of user-supplied input in HTTP requests, an attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Hence, the risk level is rated as Extremely High Risk.

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Cross-Site Scripting

---

System / Technologies affected

• Cisco IEC6400 Wireless Backhaul Edge Compute Software
• Cisco Intersight Connected Virtual Appliance (CVA)
• Cisco Intersight Private Virtual Appliance (PVA)
• Cisco Packaged CCE
• Cisco Unified CCE
• Cisco Unified CM
• Cisco Unified CM IM&P
• Cisco Unified CM SME
• Cisco Unity Connection
• Cisco Webex Calling Dedicated Instance

For affected versions, please refer to the link issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

---

Vulnerability Identifier

• CVE-2026-20045
• CVE-2026-20055
• CVE-2026-20080
• CVE-2026-20092
• CVE-2026-20109

---

Source

• Cisco

---

Related Link

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b