Block "https://cucm ip /cucm-uds/users" without impacting Jabber

Halsser · ‎03-12-2025

We are experiencing a vulnerability in the CUCM environment where this URL “https://cucm ip /cucm-uds/users” provides access to all directory user information details, which is a significant security breach.

I would like to find a way to block access to this without impacting Cisco Jabber functionality, as Jabber users should still be able to access UDS.

Any other advice to secure without impacting other functions

Roger Kallberg · ‎03-13-2025

Not sure if you can do that, but if you could do it in some external system, like an IDS or Firewall in-between the clients and the CM system the UDS discovery that is done during the service discovery for Jabber and Webex is using this url https://<CM FQDN>/cucm-uds/clusterUser?username=<USER NAME>. So if you can manage to block just https://<CM FQDN>/cucm-uds/user then it could be possible. I guess you'd just need to try it and see if it works or not as very likely this has not been a topic discussed here before.

Abdallah01 · ‎03-13-2025

.

Halsser · ‎03-13-2025

Thank you @Roger Kallberg

Jonathan Schulenberg · ‎03-14-2025

See Contact Search Authentication in the CUCM Security Guide. It's not enabled by default because older IP Phones don't support it.