Cisco removed backdoor from VoIP and Jabber controller

A couple of days ago, Cisco released a security update for the Cisco Unified Communications Domain Manager, which removed the private SSH root user key.
Yes, you understood everything correctly - not only the public key of the “support” account was stored in the VoIP controller firmware, but also a private key that could be extracted from the firmware and connected to any controller with root user rights

The update note does not say anything about monitoring or tracking calls or messages, however, it is pretty obvious that access to such data could easily be obtained on behalf of root.
It should be noted, Cisco Unified Communications Domain Manager in some cases also served Cisco Jabber.
')
Security advisory