Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems.
He described on his blog "During a security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)."
Researcher target the HTTP GET requests used by CallManager to initiate the login process. :
https://x.x.x.x/ccmpd/pdCheckLogin.do?name=undefined
He Demonstrated the idea with Burp Suite (Penetration testing Framework). He showed the html form parameter used for login as shown below:
https://x.x.x.x/ccmpd/login.do?sid=_sid_value_&userid=_userid_&pin=_PIN_
The sid token is required to perform the PIN brute force attack. So first get a valid sid token value and then you can brute force userid and pin using dictionary attack or Combination attack.
Others can use HYDRA(most powerful bruteforce tool) , which is capable of brute forcing HTTP web requests.
