Vulnerabilities In Pascom Phone System Could Allow RCE Attacks

by Abeerah Hashim March 15, 2022

written by Abeerah Hashim March 15, 2022

A researcher has discovered numerous security vulnerabilities affecting Pascom Cloud Phone Systems. Exploiting the bugs could allow an unauthenticated adversary to gain root access to devices.

Pascom Phone System Vulnerabilities

Security researcher Daniel Eshetu from cybersecurity firm Kerbit shared details of three RCE vulnerabilities in Pascom Cloud Phone Systems.

As explained in a post, the researcher could exploit the three vulnerabilities in a chained manner to gain root access. Exploiting this scenario would require no authentication.

Briefly, the researcher found the following three bugs affecting Pascom system.

CVE-2021-45968: a path traversal vulnerability Nginx to Tomcat reverse proxy requests exposed java endpoints.
CVE-2021-45967: a server-side request forgery (SSRF) bug existed due to an outdated Openfire (XMPP server) jar. Exploiting this vulnerability, following CVE-2021-45968, allowed accessing any endpoint.
CVE-2021-45966: a command injection vulnerability existed in a scheduled task. Exploiting this flaw with the other two would complete the remote code execution attack.

The researcher has also shared an exploit demo in his post.

Pascom Patched The Bugs

Upon discovering the vulnerabilities, Kerbit informed Pascom about the bugs in January. Consequently, the vendors released fixes with 7.20.x versions. They confirmed the same via a tweet when the researcher went ahead with publicly disclosing the flaws.

On this note, we just wanted to thank @KerbitSec for the quick and effective cooperation in ensuring we closed these vulnerabilities!

— pascom_net (@pascom_net) March 9, 2022

Hence, all users hosting the CPS should ensure updating their devices to receive the fixes.

Nonetheless, the researcher confirmed that the second vulnerability does not affect CPS hosted on clouds. But the RCE would still work.

If your CPS instance is hosted on the cloud (Provided by PasCom) then the second bug does not exist so it breaks the chain. But it’s still affected by the RCE.

Yet, that doesn’t need any input from the users since Pascom would deploy the patches automatically.

Pascom is a Germany-based cloud phone systems provider facilitating communications for businesses and individuals.

bug Bugs Cloud Phone System flaw flaws Pascom Pascom cloud phone system Pascom cloud phone system bugs Pascom cloud phone system flaws Pascom cloud phone system vulnerabilities VoIP VoIP phone system vulnerabilities vulnerability

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Vulnerabilities In Pascom Phone System Could Allow RCE Attacks

Pascom Phone System Vulnerabilities

Pascom Patched The Bugs

Legacy System Modernization

How Does Blockchain Impact the Financial Industry?

You may also like