Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.
https://exchange.xforce.ibmcloud.com/vulnerabilities/95136
http://www.securitytracker.com/id/1030687
http://www.securityfocus.com/bid/69068
http://tools.cisco.com/security/center/viewAlert.x?alertId=35198
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332