Multiple vulnerabilities allow attackers to execute code on the underlying OS.
cucm-tftp-harvest
cucm-creds , AXL-SQL-injection
: A multi-threaded tool by TrustedSec designed to automatically discover phones, download their configuration files via TFTP/HTTP, and parse them for SSH credentials and other sensitive data. iCULeak.py Cisco CUCM hacking -- GitHub