Jail-breaking the Cisco Unified Communication Manager (CUCM)
We have a long and very good relationship with the Cisco PSIRT team, reporting vulnerabilities to them and patiently waiting until fixes are provided. But some things we simply don't consider to be vulnerabilities in the typical sense of the word. This includes artifacts of product behavior that allow you to get the type of access to the product that you would expect.
The reasoning is that you already need a legitimate operating system administrator account on the CUCM in order to "escalate" your privileges to a remote root shell. The fact that the legitimate operating system administrator account, as provided by the product, isn't actually root doesn't change the privilege situation one bit. Also, other people have published other guides (e.g. this one) before.
Therefore, we have decided to publish an article on how to gain the access you may want.
Please use this information only on lab systems or virtual installations. Rooting an actual Cisco appliance is not recommended and will most likely void your warranty.