If you have followme or CFWD, place calls through your system, and you’ll only be altered once you receive your phone bill.
If you have call recording, they can listen/download to sensitive parts of call information.
Gather some other information from UCP.
However, Sangoma is fully working to secure FreePBX and it’s not really a “hackable thing”
I would worry about UCP being public and someone finding out a UCP password, rather than a flow in the code.
I believe that intrusion prevention will also block failed UCP logins after the amount of bas attempts configured.
With that being said I would love to see 2FA for UCP.
So if I would need to open UCP, I would allow access from (a) specific countries(ry) only, and I would be careful which user permission each account has, and obviously would require password changes every here and there. Lastly, make sure that fail2ban is properly configured.