Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

All IT Services security alert graphic with warning triangle and PATCH NOW label

The short version: if your business phone system runs on Cisco Unified Communications Manager, patch it today. A critical flaw is being actively exploited, and the US cyber agency CISA has set an emergency fix deadline of Sunday 28 June.

The bug, tracked as CVE-2026-20230, sits in Cisco Unified Communications Manager (formerly CallManager) — the software behind a lot of business phone systems. It is a server-side request forgery flaw that lets an attacker send specially crafted web requests to the server without needing a password. Cisco released a patch on 3 June, but last weekend security researchers spotted it being exploited in real attacks, as reported by BleepingComputer.

Here is why it matters beyond the headline. In plenty of Australian businesses, the phone system is the one box nobody touches — the phones still work, so leave it alone. That is exactly the blind spot attackers count on. A compromised voice server gives them a quiet foothold on your internal network, and it can run up international toll fraud while you sleep. If a managed provider looks after your phones, this is the sort of thing they should already be across.

What to do now

  • Patch immediately. Apply Cisco’s update for CVE-2026-20230, or have whoever manages your phones confirm it is done.
  • Check what you are running. If you are not sure whether you have on-prem Cisco Unified CM, ask the question today, not next week.
  • Lock down access. Your phone management interface should never be reachable from the open internet.

If you are hanging on to ageing on-prem voice gear because replacing it feels like a hassle, treat this as the nudge. A maintained cloud phone platform takes this whole class of patching headache off your plate. Not sure where your business stands? Talk to the All IT team and we will check it for you.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →