What is CVE-2021-45967?

CVE-2021-45967 is a vulnerability in N/a. Published 2022-03-18.

Is CVE-2021-45967 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.

EPSS: 0.926 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

www.pascom.net/doc/en/release-notes/ (x_refsource_MISC)
www.pascom.net/doc/en/release-notes/pascom19/ (x_refsource_MISC)
kerbit.io/research/read/blog/4 (x_refsource_MISC)
tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-45967?: CVE-2021-45967 is a vulnerability in N/a. Published 2022-03-18.
Is CVE-2021-45967 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.