Vulnerability Details CVE-2021-45966
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.138
EPSS Ranking 94.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://kerbit.io/research/read/blog/4
- https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
- https://www.pascom.net/doc/en/release-notes/
- https://kerbit.io/research/read/blog/4
- https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
- https://www.pascom.net/doc/en/release-notes/
Products affected by CVE-2021-45966
-
cpe:2.3:a:pascom:cloud_phone_system:*