CySecurity News – Latest Information Security and Hacking Incidents
Pascom’s Cloud Phone System has been completely compromised since a combination of three unique vulnerabilities was discovered by security researchers. Daniel Eshetu of Ethiopian infosec firm Kerbit utilized a trio of less critical security issues to gain full pre-authenticated remote code execution (RCE) on the business-focused Voice over IP (VoIP) and generic communication platform.
A path traversal vulnerability, a web server request forgery (SSRF) fault in an arbitrary piece of software, and a post-authentication RCE flaw were the three components of the successful exploit.
The Pascom Cloud Phone Software is a complete collaboration and communication solution which enables enterprises to host and build up private telephone networks across several platforms, as well as manage, maintain, and upgrade virtual phone systems.
According to the company’s LinkedIn, “Pascom, which was founded in 1997 and is the creator of the unique pascom IP phone system software, has over 20 years of expertise providing custom VoIP telecommunications and network infrastructure solutions. By offering organizations a unique, highly professional software-based IP PBX solution, our VoIP phone systems help them add value to the communications.”
An arbitrary path traversal flaw in the web interface, a server-side request forgery (SSRF) owing to an outdated third-party dependency (CVE-2019-18394), and a post-
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: