.. / CVE-2021-45967

Exploit for Pascom CPS Server-Side Request Forgery (CVE-2021-45967)

Description:

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability.

Nuclei Template

View the template here CVE-2021-45967.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-45967.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-45967
https://github.com/ARPSyndicate/cvemon
https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
https://www.pascom.net/doc/en/release-notes/
https://www.pascom.net/doc/en/release-notes/pascom19/
https://kerbit.io/research/read/blog/4