Cisco has confirmed that threat actors are actively exploiting a vulnerability in its Unified Communications Manager (Unified CM), a flaw the company patched in early June. The confirmation comes weeks after the initial fix was released, raising concerns about delayed awareness.
The severity of the exploitation is underscored by the availability of a public proof-of-concept (PoC) exploit, which has been circulating since the vulnerability's disclosure. SecurityWeek reports that the first exploitation attempts were observed last week, indicating a narrowing window for unpatched systems.
Technical specifics of the attack vector remain sparse, but the existence of a PoC suggests the flaw is relatively straightforward to weaponize. Cisco has not released indicators of compromise or detailed attack chain information, leaving defenders to rely on generic detection measures.
Cisco urges organizations running Unified CM to apply the June security update immediately. No additional patches or workarounds have been issued as of this writing, and the company has not commented on whether the exploitation campaign has expanded beyond initial observations.
The vulnerability's exploitation follows a pattern common to enterprise communication platforms, where prompt patching is critical but often delayed by operational complexity. Attribution for the attacks remains unknown.