PT-2022-12473 · Pascom · Pascom Cloud Phone System

Published: 2022-03-18 · Updated: 2022-07-12 · CVE-2021-45966

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Pascom Cloud Phone System versions prior to 7.20.x

Description: An issue was discovered in the management REST API, specifically at the "/services/apply" endpoint in exd.pl, allowing remote attackers to execute arbitrary code via shell metacharacters.

Recommendations: For versions prior to 7.20.x, update to version 7.20.x or later to resolve the issue. As a temporary workaround, consider restricting access to the "/services/apply" endpoint in exd.pl to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-45966

Affected Products

Pascom Cloud Phone System