defense · BleepingComputer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has set an urgent deadline of June 28 for federal agencies to patch two critical vulnerabilities. CVE-2026-20230 affects Cisco Unified Communications Manager Server and is a server-side request forgery (SSRF) flaw exploitable remotely without authentication via specially crafted HTTP requests. Cisco released a patch on June 3; active exploitation writing arbitrary text files to affected endpoints was observed the following weekend. CISA has also mandated patching of CVE-2026-12569, a remote code execution vulnerability in PTC Windchill and FlexPLM product lifecycle management systems caused by improper input validation in deserialization. PTC disclosed this issue on June 18, with vulnerable versions spanning multiple release branches across both products.
Defense contractors using Cisco collaboration infrastructure or PTC PLM systems for engineering workflows should immediately assess their exposure and prioritize patching under their vulnerability management program, particularly if systems process controlled unclassified information (CUI). SaaS and healthcare organizations relying on Cisco UC for communications should treat this with equivalent urgency. All regulated entities subject to binding operational directives or equivalent compliance frameworks should verify patch deployment by the deadline and document remediation efforts for audit trails. An Omniware engagement can scope the inventory and patch-readiness posture across your infrastructure.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/
Source: BleepingComputer
All briefings