Researchers recently discovered three security vulnerabilities affecting the Pascom Cloud Phone System.
Attackers could chain these vulnerabilities to access non-exposed endpoints of the victim by sending arbitrary GET requests, in order to obtain the administrator password.
The vulnerabilities can also be used to execute commands as root, giving the attacker full control of the machine and an easy way to escalate privileges.
Source: https://thehackernews.com/2022/03/critical-rce-bugs-found-in-pascom-cloud.html?&web_view=true
TPRM report: https://scoringcyber.rankiteo.com/company/pascom-net
"id": "pas3512322",
"linkid": "pascom-net",
"type": "Vulnerability",
"date": "03/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Telecommunications',
'name': 'Pascom',
'type': 'Company'}],
'attack_vector': ['Arbitrary GET Requests', 'Command Execution'],
'description': 'Three security vulnerabilities affecting Pascom Cloud Phone '
'System were discovered by researchers. Attackers could use '
'these vulnerabilities to string in a chain-like fashion '
'attack to access non-exposed endpoints of the victim by '
'sending arbitrary GET requests to obtain the administrator '
'password. These can also be used to execute commands as root '
'and give the attacker full control of the machine and an easy '
'way to escalate privileges.',
'impact': {'systems_affected': ['Pascom Cloud Phone System']},
'motivation': 'Unauthorized Access and Privilege Escalation',
'title': 'Pascom Cloud Phone System Vulnerabilities',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': ['Privilege Escalation',
'Command Execution as Root']}