CVE-2021-45968
published 2022-03-18CVE-2021-45968: An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other…
PriorityP259high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
10.67%
95.2th percentile
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pascom | cloud_phone_system | <= 7.19 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect path traversal bypass attempts using semicolon-encoded sequences (..;/) targeting the /services/pluginscript/ endpoint on Pascom/Jive backend Tomcat servers. ↗
- →A difference in HTTP status codes between a direct request to /services/pluginscript/ and the traversal variant /services/pluginscript/..;/..;/ is a positive indicator of exploitation (status_code_2 != status_code_1). ↗
- →The vulnerability resides in the backend Tomcat server of Pascom Cloud Phone System; monitor SSRF/LFI attempts originating from or targeting this component. ↗
- ·The Nuclei template is labelled 'Local File Inclusion' but the NVD description classifies the vulnerability as SSRF (CWE-918); detection logic targets the same endpoint for both attack classes. ↗
- ·Affected versions are Pascom Cloud Phone System before 7.20.x; the detection probe is only meaningful against unpatched instances of this version range. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Pascom CPS - Local File Inclusion
nuclei·CVSS 7.5
CVE-2021-45968 [HIGH] Pascom CPS - Local File Inclusion
Pascom CPS - Local File Inclusion
Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion vulnerability.
Template:
id: CVE-2021-45968
info:
name: Pascom CPS - Local File Inclusion
author: dwisiswant0
severity: high
description: |
Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion vulnerability.
impact: |
The vulnerability can be exploited by an attacker to gain unauthorized access to sensitive information, execute arbitrary code, or perform other malicious activities.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix the Local File Inclusion vulnerability in Pascom CPS.
reference:
- https://kerbit.io/research/read/blog/4
- https://www.pascom.net/d
No writeups or analysis indexed.
https://jivesoftware.com/platform/https://kerbit.io/research/read/blog/4https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.htmlhttps://www.pascom.net/doc/en/release-notes/https://www.pascom.net/doc/en/release-notes/pascom19/https://jivesoftware.com/platform/https://kerbit.io/research/read/blog/4https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.htmlhttps://www.pascom.net/doc/en/release-notes/https://www.pascom.net/doc/en/release-notes/pascom19/
2022-03-18
Published