Critical Cisco CUCM Vulnerabilities (CVE-2026-20045 & CVE-2026-20230) — How the ScienceLogic AI Platform Can Help You Assess Exposure: Instructions Part 3- Monitoring, Remediation & PowerPacks

Part 2- Monitoring, Remediation & PowerPacks 

1. What to Monitor

Beyond the per-cluster event policy above, a couple of additions make this a standing, fleet-wide view:

• Keep the event policy enabled so newly discovered or downgraded clusters surface automatically, not just at audit time.
• Treat the collected version as the base release: it does not reflect COP patch state. Where a COP may be the actual fix, mark the result indeterminate rather than "safe."
• Optionally, you can create a custom report or device table keyed on the CUCM Version object and the WebDialer Service Status object, grouped by organization, for a point-in-time exposure rollup across all monitored clusters.

2. Remediation

Cisco's remediation instructions, including the fixed releases, patch files, and upgrade paths, are available here:

• CVE-2026-20045 (RCE): Cisco Security Advisory cisco-sa-voice-rce-mORhqY4b
• CVE-2026-20230 (SSRF): Cisco Security Advisory cisco-sa-cucm-ssrf-cXPnHcW

Note that the ScienceLogic AI Platform scopes exposure; it does not by itself confirm compromise. For the actively-exploited RCE, follow Cisco's advisory for any indicator-of-compromise guidance in addition to patching.

3. PowerPack Recommendation

Ensure you are running the latest "Cisco: CUCM Unified Communications Manager" PowerPack (v115) for current monitoring coverage. It supports CUCM release lines 10.x through 15.x and collects the CUCM Version and per-service status objects this assessment relies on. The PowerPack is available from the ScienceLogic Support Center.

the ScienceLogic AI Platform helps you find and prioritize potentially impacted systems using monitoring data you already collect. It is not a substitute for Cisco's advisories or Software Checker for definitive fixed-version confirmation, and it does not detect active exploitation on its own. Used alongside Cisco's guidance, it turns "which of our CUCM clusters do we need to worry about?" into a fleet-wide report.

References
Cisco advisory — Unified Communications RCE (CVE-2026-20045): cisco-sa-voice-rce-mORhqY4b
Cisco advisory — Unified CM SSRF (CVE-2026-20230): cisco-sa-cucm-ssrf-cXPnHcW
CISA Known Exploited Vulnerabilities catalog: cisa.gov/known-exploited-vulnerabilities-catalog
ScienceLogic AI Platform CUCM PowerPack manual: docs.sciencelogic.com