A vulnerability in the Enterprise License Manager (ELM) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access underlying ELM files.
The vulnerability is due to insufficient authentication enforcement. An attacker could exploit this vulnerability by accessing a specific URL related to ELM. An exploit could allow the attacker to access underlying ELM files.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker may need access to trusted, internal network in which the targeted device may reside to access the URL related to EML on the device. This access requirement may reduce the likelihood of a successful exploit.