CVE-2021-45968 : Security Advisory and Response

Discover the vulnerability in the XMPP Server of Pascom Cloud Phone System pre-7.20.x allowing SSRF. Learn the impact, affected systems, and mitigation steps.

An issue was discovered in the xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). This vulnerability allows SSRF through an endpoint in the backend Tomcat server.

Understanding CVE-2021-45968

What is CVE-2021-45968?

CVE-2021-45968 is a vulnerability in the XMPP Server component of the Jive platform, affecting Pascom Cloud Phone System prior to version 7.20.x, along with other products that use the same component. The issue enables Server-Side Request Forgery (SSRF) through an endpoint in the backend Tomcat server.

The Impact of CVE-2021-45968

The vulnerability could allow an attacker to perform SSRF attacks, causing the backend server to issue requests on the attacker's behalf. This can lead to unauthorized access to internal systems, data exfiltration, and potential network compromise.

Technical Details of CVE-2021-45968

Vulnerability Description

The flaw exists in the xmppserver jar, which allows malicious actors to trigger SSRF via a specific endpoint in the Pascom backend Tomcat server.

Affected Systems and Versions

        Pascom Cloud Phone System before version 7.20.x
        Other products utilizing the XMPP Server component of the JIve platform

Exploitation Mechanism

The vulnerability permits attackers to supply crafted input to the backend Tomcat server endpoint so that the server sends requests on their behalf, potentially reaching internal resources and performing unauthorized actions.

Mitigation and Prevention

Immediate Steps to Take

        Update Pascom Cloud Phone System to version 7.20.x or above to address the vulnerability.
        Employ network controls to restrict inbound and outbound traffic to necessary ports and endpoints.

Long-Term Security Practices

        Regularly monitor and audit network traffic for suspicious activities.
        Implement strong access controls and authentication mechanisms to prevent unauthorized access.
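The network-control and monitoring advice above can be backed by log review. The following is an added example, not code from the advisory or from Pascom: it scans Tomcat access-log lines for requests to a URL-fetching endpoint whose target parameter points at loopback, private, link-local or other non-public addresses, which is the pattern an SSRF attempt against a backend endpoint would leave. The endpoint path "/backend/fetch", the parameter name "url" and the log lines are constructed placeholders; the real endpoint is not named on this page.

```python
import re
import ipaddress
from urllib.parse import urlparse, parse_qs

# Constructed sample Tomcat access_log lines (common log format). The path
# "/backend/fetch" and the "url" parameter are placeholders, not the real endpoint.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jan/2022:10:15:01 +0000] "GET /backend/fetch?url=https%3A%2F%2Fexample.org%2Flogo.png HTTP/1.1" 200 512
203.0.113.10 - - [12/Jan/2022:10:15:07 +0000] "GET /backend/fetch?url=http%3A%2F%2F127.0.0.1%3A8080%2Fmanager%2Fhtml HTTP/1.1" 200 2048
198.51.100.7 - - [12/Jan/2022:10:16:22 +0000] "GET /backend/fetch?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 310
198.51.100.7 - - [12/Jan/2022:10:17:03 +0000] "GET /backend/fetch?url=http%3A%2F%2Fintranet.local%2F HTTP/1.1" 502 0
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def is_internal_target(url):
    """True if the URL's host is loopback, private, link-local, unspecified,
    multicast, or a name that only resolves inside the network."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not a literal IP: treat localhost, single-label and .local names as internal
        return host == "localhost" or "." not in host or host.endswith(".local")
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast)


def find_ssrf_candidates(log_text, path="/backend/fetch", param="url"):
    """Return (client, timestamp, decoded target URL) for each request to the
    fetch endpoint whose URL parameter points at an internal address."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        parsed = urlparse(m.group("target"))
        if parsed.path != path:
            continue
        for candidate in parse_qs(parsed.query).get(param, []):
            if is_internal_target(candidate):
                hits.append((m.group("client"), m.group("ts"), candidate))
    return hits
```

Running `find_ssrf_candidates(SAMPLE_LOG)` on the constructed log flags the loopback, metadata-service and .local requests and ignores the public example.org fetch.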

Patching and Updates

        Stay informed about security updates for all relevant products and promptly apply patches to fix known vulnerabilities.
