Cisco: CISCO-SA-20140212-CVE-2014-0722
Feb 12, 2014 - 5:11 p.m.

Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability

2014-02-12 17:11:10
tools.cisco.com
CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.002
Percentile: 62.2%

A vulnerability in the log4jinit web application of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to access the log4jinit web application.

The vulnerability is due to insufficient authentication checking when accessing the log4jinit web application. An attacker could exploit this vulnerability by accessing the log4jinit web application. An exploit could allow the attacker to generate activity in the log4jinit web application and cause performance issues for users currently logged into the Cisco UCM command line.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks and the ability to locate an affected device, which may require footprinting the network. These access requirements could limit the possibility of a successful exploit.

Affected configurations

Vendor: cisco
Product: unified_communications_manager
Version: any
CPE: cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:*
