Known Exploited Vulnerability
8.6
HIGH CVSS 3.1
CVE-2026-20230
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability - [Actively Exploited]
Description

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.

INFO

Published Date :

June 3, 2026, 6:16 p.m.

Last Modified :

July 1, 2026, 6:15 p.m.

Remotely Exploit :

Yes !
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.

Required Action :

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Known Ransomware Campaign Use:

Unknown

Notes :

https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-cucm-ssrf-cXPnHcW.html ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20230

Affected Products

The following products are affected by CVE-2026-20230 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cisco unified_communications_manager
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH [email protected]
CVSS 3.1 HIGH MITRE-CVE
Solution
Apply software updates to fix SSRF vulnerability and prevent file system write access.
  • Update Cisco Unified Communications Manager software.
  • Ensure WebDialer service is disabled if not needed.
  • Restrict access to affected devices.
  • Monitor for suspicious activity.
Public PoC/Exploit Available at Github

CVE-2026-20230 has a 11 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-20230.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW Vendor Advisory
https://denizhalil.com/2026/06/12/cve-2026-20230-cisco-unified-cm-ssrf/ Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20230 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-20230 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-20230 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Python CLI tool to check CVE details + nuclei template coverage. Security research writeups in /research.

Python

Updated: 2 weeks ago
0 stars 0 fork 0 watcher
Born at : June 28, 2026, 1:27 p.m. This repo has been linked 14 different CVEs too.

None

Python

Updated: 2 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : June 25, 2026, 9:56 a.m. This repo has been linked 1 different CVEs too.

Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.

Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : June 12, 2026, 7:47 p.m. This repo has been linked 1 different CVEs too.

CVE-2026-20230 - Cisco Unified CM

Python

Updated: 2 weeks, 6 days ago
0 stars 1 fork 1 watcher
Born at : June 5, 2026, 1:17 a.m. This repo has been linked 2 different CVEs too.

poc

Python

Updated: 2 weeks, 4 days ago
1 stars 0 fork 0 watcher
Born at : May 28, 2026, 6:56 a.m. This repo has been linked 2 different CVEs too.

None

Python

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : May 27, 2026, 4:28 p.m. This repo has been linked 10 different CVEs too.

KQL Queries

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : May 20, 2026, 8:58 a.m. This repo has been linked 12 different CVEs too.

Read-only Linux host checker for supply-chain incident response, including vulnerable kernel posture, risky module state, and known developer-tooling persistence indicators

JavaScript PowerShell

Updated: 1 day, 14 hours ago
1 stars 0 fork 0 watcher
Born at : May 13, 2026, 10:54 p.m. This repo has been linked 45 different CVEs too.

None

Updated: 1 month, 1 week ago
2 stars 0 fork 0 watcher
Born at : Jan. 20, 2023, 1:11 p.m. This repo has been linked 1 different CVEs too.

None

Updated: 2 weeks, 6 days ago
2 stars 0 fork 0 watcher
Born at : Oct. 9, 2022, 1:56 p.m. This repo has been linked 1 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 1 month ago
7810 stars 1261 fork 1261 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 718 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-20230 vulnerability anywhere in the article.

  • europa.eu
Cyber Brief 26-07 - June 2026

Cyber Brief (June 2026)July 1, 2026 - Version: 1TLP:CLEARExecutive summaryWe analysed 366 open source reports for this Cyber Brief.1Relating to cyber policy and law enforcement, the Council of the Eur ... Read more

Published Date: Jul 01, 2026 (1 week, 5 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 26

The Good | Authorities Dismantle Malware Networks and Seize Cambodian Scam Infrastructure Following the seizure of a major Phishing-as-a-Service last week, the latest move, part of Operation Endgame, ... Read more

Published Date: Jun 26, 2026 (2 weeks, 3 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 26

The Good | Authorities Dismantle Malware Networks and Seize Cambodian Scam Infrastructure Following the seizure of a major Phishing-as-a-Service last week, the latest move, part of Operation Endgame, ... Read more

Published Date: Jun 26, 2026 (2 weeks, 3 days ago)
  • TheCyberThrone
CISA’s KEV Wave: Ubiquiti, Lantronix, and Cisco Unified CM Join the List

CISA’s Known Exploited Vulnerabilities catalog has had a busy several days. On June 23, 2026, three perfect-10 Ubiquiti UniFi OS flaws and a 9.8 root-access Lantronix bug landed in KEV together, with ... Read more

Published Date: Jun 26, 2026 (2 weeks, 4 days ago)
  • security.nl
'Kritiek lek in Cisco Unified Communications Manager misbruikt bij aanvallen'

Een kritieke kwetsbaarheid in Cisco Unified Communications Manager waarvoor begin deze maand een beveiligingsupdate verscheen wordt nu actief misbruikt bij aanvallen. Dat stelt cybersecuritybedrijf De ... Read more

Published Date: Jun 24, 2026 (2 weeks, 6 days ago)
  • The Hacker News
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Editio ... Read more

Published Date: Jun 24, 2026 (2 weeks, 6 days ago)
  • The Hacker News
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portal ... Read more

Published Date: Jun 15, 2026 (4 weeks, 1 day ago)
  • The Hacker News
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vul ... Read more

Published Date: Jun 13, 2026 (1 month ago)
  • The Hacker News
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Ve ... Read more

Published Date: Jun 12, 2026 (1 month ago)
  • The Hacker News
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph ... Read more

Published Date: Jun 12, 2026 (1 month ago)
  • The Hacker News
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hard ... Read more

Published Date: Jun 11, 2026 (1 month ago)
  • The Hacker News
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. " ... Read more

Published Date: Jun 11, 2026 (1 month ago)
  • The Hacker News
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leverag ... Read more

Published Date: Jun 11, 2026 (1 month ago)
  • The Hacker News
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-mon ... Read more

Published Date: Jun 11, 2026 (1 month ago)
  • The Hacker News
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [sma ... Read more

Published Date: Jun 10, 2026 (1 month ago)
  • The Hacker News
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security fl ... Read more

Published Date: Jun 10, 2026 (1 month ago)
  • The Hacker News
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE

A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to f ... Read more

Published Date: Jun 10, 2026 (1 month ago)
  • The Hacker News
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitati ... Read more

Published Date: Jun 10, 2026 (1 month ago)
  • The Hacker News
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 2 ... Read more

Published Date: Jun 10, 2026 (1 month ago)
  • The Hacker News
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards

On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability ... Read more

Published Date: Jun 10, 2026 (1 month ago)

The following table lists the changes that have been made to the CVE-2026-20230 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Jul. 01, 2026

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jul. 01, 2026

    Action Type Old Value New Value
    Changed Affected [{'vendor': 'Cisco', 'product': 'Cisco Unified Communications Manager', 'versions': [{'status': 'affected', 'version': 'N/A'}]}] [{'vendor': 'Cisco', 'product': 'Cisco Unified Communications Manager', 'versions': [{'status': 'affected', 'version': '14'}, {'status': 'affected', 'version': '14SU1'}, {'status': 'affected', 'version': '14SU2'}, {'status': 'affected', 'version': '14SU3'}, {'status': 'affected', 'version': '15'}, {'status': 'affected', 'version': '15SU1'}, {'status': 'affected', 'version': '14SU4'}, {'status': 'affected', 'version': '14SU4a'}, {'status': 'affected', 'version': '15SU1a'}, {'status': 'affected', 'version': '15SU2'}, {'status': 'affected', 'version': '15.0.1.13010-1'}, {'status': 'affected', 'version': '15.0.1.13011-1'}, {'status': 'affected', 'version': '15.0.1.13012-1'}, {'status': 'affected', 'version': '15.0.1.13013-1'}, {'status': 'affected', 'version': '15.0.1.13014-1'}, {'status': 'affected', 'version': '15.0.1.13015-1'}, {'status': 'affected', 'version': '15.0.1.13016-1'}, {'status': 'affected', 'version': '15.0.1.13017-1'}, {'status': 'affected', 'version': '15SU3a'}, {'status': 'affected', 'version': '14SU5'}, {'status': 'affected', 'version': '15SU4'}, {'status': 'affected', 'version': '15SU4a'}], 'defaultStatus': 'unknown'}]
    Changed Description A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default. A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
  • Initial Analysis by [email protected]

    Jun. 26, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:* versions from (including) 14.0 up to (excluding) 14su6 *cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:* versions from (including) 15.0 up to (including) 15su4a *cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:* versions from (including) 14.0 up to (excluding) 14su6 *cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:* versions from (including) 15.0 up to (including) 15su4a
    Added Reference Type Cisco Systems, Inc.: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW Types: Vendor Advisory
    Added Reference Type CISA-ADP: https://denizhalil.com/2026/06/12/cve-2026-20230-cisco-unified-cm-ssrf/ Types: Exploit, Third Party Advisory
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20230 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 26, 2026

    Action Type Old Value New Value
    Changed SSVC {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-25T19:50:08.910362Z'} {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-03T00:00:00+00:00'}
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jun. 25, 2026

    Action Type Old Value New Value
    Added Date Added 2026-06-25
    Added Due Date 2026-06-25
    Added Required Action 2026-06-25
    Added Vulnerability Name 2026-06-25
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 25, 2026

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20230
    Changed SSVC {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-03T00:00:00+00:00'} {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-25T19:50:08.910362Z'}
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 25, 2026

    Action Type Old Value New Value
    Changed SSVC {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-24T16:20:41.537697Z'} {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-03T00:00:00+00:00'}
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 24, 2026

    Action Type Old Value New Value
    Added Reference https://denizhalil.com/2026/06/12/cve-2026-20230-cisco-unified-cm-ssrf/
    Changed SSVC {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-03T00:00:00+00:00'} {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-24T16:20:41.537697Z'}
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 17, 2026

    Action Type Old Value New Value
    Added SSVC {'id': 'CVE-2026-20230', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-03T00:00:00+00:00'}
  • CVE Modified by [email protected]

    Jun. 17, 2026

    Action Type Old Value New Value
    Added Affected [{'vendor': 'Cisco', 'product': 'Cisco Unified Communications Manager', 'versions': [{'status': 'affected', 'version': 'N/A'}]}]
  • New CVE Received by [email protected]

    Jun. 03, 2026

    Action Type Old Value New Value
    Added Description A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
    Added CWE CWE-918
    Added Reference https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.