cucm-creds , AXL-SQL-injection
: Authenticated attackers with administrative access can exploit improper validation in CLI arguments to execute operating system commands as root. Workarounds & "Hacks" Cisco CUCM hacking -- GitHub
Detailed research from firms like Synacktiv highlights complex attack chains documented in GitHub-hosted advisories: unified_multi_path_traversal.py - GitHub : An authenticated remote code execution vulnerability in
: Vulnerabilities in the web-based management interface, such as CVE-2024-20253 and privilege escalation.
: While intended for administration, this tool can be used to quickly export full lists of users and phone numbers to CSV files if administrative AXL credentials are obtained Vulnerability Exploit Modules
: A Python-based tool that exploits known vulnerabilities in CUCM, such as CVE-2019-1858 and CVE-2020-3161. The tool allows users to perform tasks like authentication bypass, command injection, and privilege escalation.
: An authenticated remote code execution vulnerability in the SOAP API endpoint. Defensive & Management Tools