Cisco Security Advisory, 2024-07-05
Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability

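A vulnerability in an API endpoint of multiple Cisco Unified Communications products could be exploited by a remote attacker to cause high CPU utilization, affecting access to the management interface and call processing. Cisco has released software updates.

🎯 The vulnerability is in an API endpoint of multiple Cisco Unified Communications products. An unauthenticated remote attacker could use it to raise CPU utilization, which in turn affects access to the device's web management interface and call processing. This API is unlikely to be used in normal operation of the device.

🚫 The vulnerability is caused by improper API authentication and incomplete request validation. An attacker could exploit it by sending a crafted HTTP request to a specific API on the device. A successful exploit results in a denial of service condition due to high CPU utilization, negatively affecting user traffic and management access.

🔧 Cisco has released software updates that address this vulnerability, but there are currently no other ways to address it. This security advisory is available at the link given.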

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.

This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.   

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF


Security Impact Rating: High
CVE: CVE-2023-20259
