
Cloud Vulnerability DB
A community-led vulnerabilities database
A configuration error was discovered in Pascom Cloud Phone System before version 7.20.x. The vulnerability (CVE-2021-45967) involves a path traversal issue in the configuration between NGINX and a backend Tomcat server, which exposes unintended endpoints. The issue was discovered in March 2022 and received a CVSS v3.1 base score of 9.8 (CRITICAL) (NVD).
The vulnerability stems from URI parsing inconsistencies between NGINX and Tomcat. When NGINX is configured to reverse proxy requests to Tomcat, the /..;/ path sequence is treated differently by each server - NGINX treats it as a directory while Tomcat interprets it as /../, enabling access to arbitrary servlets. This allows attackers to bypass intended access restrictions and reach non-exposed endpoints (Tutorial Boy).
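The parsing gap described above can be checked for in proxy logs. The following is an added example, not code from the advisory or from Pascom: it approximates how NGINX and Tomcat each normalise a request path (NGINX leaves a `..;` segment as a literal directory name; Tomcat drops the `;` path parameter first, so the segment becomes `..`) and flags requests that NGINX would route under an allowed prefix but that Tomcat would resolve outside it. The log lines, hosts and paths are constructed for the example.

```python
import re
from typing import List

# Constructed NGINX-style access-log lines (abbreviated); the hosts and
# paths are invented for this example and are not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2022:10:00:01 +0000] "GET /webapp/index.html HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2022:10:00:02 +0000] "GET /webapp/..;/internal/status HTTP/1.1" 200 88
10.0.0.9 - - [01/Mar/2022:10:00:03 +0000] "GET /webapp/css/..;/..;/internal/config HTTP/1.1" 200 1024
10.0.0.9 - - [01/Mar/2022:10:00:04 +0000] "GET /webapp/css/../js/app.js HTTP/1.1" 200 4096
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS) (\S+) HTTP/')


def _normalise(path: str, strip_path_params: bool) -> str:
    """Resolve '.' and '..' segments; optionally drop ';param' from each
    segment first (Tomcat behaviour) or keep it (NGINX behaviour)."""
    out: List[str] = []
    for seg in path.split("?", 1)[0].split("/"):
        if strip_path_params:
            seg = seg.split(";", 1)[0]
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)


def nginx_view(path: str) -> str:
    """Approximate NGINX's view: '..;' is an ordinary directory name."""
    return _normalise(path, strip_path_params=False)


def tomcat_view(path: str) -> str:
    """Approximate Tomcat's view: '..;' collapses to '..' and climbs a level."""
    return _normalise(path, strip_path_params=True)


def find_escapes(log_text: str, proxied_prefix: str) -> List[str]:
    """Return raw request paths that NGINX would match under proxied_prefix
    but that Tomcat would resolve to a path outside that prefix."""
    hits: List[str] = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        raw = m.group(1)
        if nginx_view(raw).startswith(proxied_prefix) and not tomcat_view(raw).startswith(proxied_prefix):
            hits.append(raw)
    return hits
```

A plain `/webapp/css/../js/app.js` is not flagged, because both servers resolve it to the same location inside the prefix; only requests whose effective Tomcat path leaves the proxied prefix are reported.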
The vulnerability allows attackers to access unintended endpoints on the Tomcat server through path traversal. When chained with other vulnerabilities, it could lead to unauthorized remote code execution with root privileges on the affected systems (Tutorial Boy).
The vulnerability has been patched in Pascom Cloud Phone System version 7.20.x and later. Users are advised to upgrade to the latest version to mitigate this security issue. Cloud-hosted instances managed by Pascom are automatically updated with the security fixes (Pascom Release Notes).
Source: This report was generated using AI