Cucm Hacking -- Github //free\\ - Cisco

| CVE ID | Description | GitHub Exploit Available | Impact | |--------|-------------|--------------------------|--------| | | Unauthorized access to AXL API | Yes (Proof of concept) | Full admin read/write | | CVE-2021-34770 | SQL injection in the risport.cgi | Yes (Metasploit module) | User hash dump | | CVE-2019-16057 | Path traversal in Tomcat | Yes (Python script) | Arbitrary file read | | CVE-2018-0452 | Command injection in CDP service | Yes (Perl exploit) | Remote root shell |

: Includes features to extract usernames via the CUCM User Data Services (UDS) API iCULeak.py (llt4l/iCULeak.py) Cisco CUCM hacking -- GitHub

Many GitHub repositories for CUCM hacking begin with the disclaimer: | CVE ID | Description | GitHub Exploit