Cisco Unified Communications Manager contains a vulnerability that could allow an unauthenticated, remote attacker to bypass some authentication routines.
The vulnerability exists due to an error in the Real-Time Information Server (RIS) Data Collector service. An unauthenticated, remote attacker could exploit this vulnerability by establishing a connection to the TCP port that is associated with the RIS Data Collector service; by default, this port is TCP port 2556. An exploit could allow the attacker to bypass authentication routines and gain direct access to potentially sensitive information that pertains to the Cisco Unified Communications Manager cluster.
Exploit code is not required for this vulnerability.
Cisco confirmed this vulnerability and released updated software.