Vulnerability Description
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pascom | Cloud Phone System | <= 7.19 |
Related Weaknesses (CWE)
References
- https://kerbit.io/research/read/blog/4ExploitThird Party Advisory
- https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.htmlExploitThird Party Advisory
- https://www.pascom.net/doc/en/release-notes/Release NotesVendor Advisory
- https://kerbit.io/research/read/blog/4ExploitThird Party Advisory
- https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.htmlExploitThird Party Advisory
- https://www.pascom.net/doc/en/release-notes/Release NotesVendor Advisory
FAQ
What is CVE-2021-45966?
CVE-2021-45966 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.
How severe is CVE-2021-45966?
CVE-2021-45966 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-45966?
Check the references section above for vendor advisories and patch information. Affected products include: Pascom Cloud Phone System.