Vulnerabilities (CVE)

Filtered by vendor 3cx Subscribe
Filtered by product 3cx
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-49954 1 3cx 1 3cx 2024-02-05 N/A 9.8 CRITICAL
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
CVE-2022-48482 2 3cx, Microsoft 2 3cx, Windows 2024-02-04 N/A 7.5 HIGH
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
CVE-2022-48483 1 3cx 1 3cx 2024-02-04 N/A 7.5 HIGH
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
CVE-2021-45490 1 3cx 1 3cx 2024-02-04 6.4 MEDIUM 9.1 CRITICAL
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
CVE-2021-45491 1 3cx 1 3cx 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
3CX System through 2022-03-17 stores cleartext passwords in a database.
CVE-2022-28005 1 3cx 1 3cx 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
CVE-2019-14935 2 3cx, Microsoft 2 3cx, Windows 2024-02-04 4.6 MEDIUM 7.8 HIGH
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
CVE-2019-13176 1 3cx 1 3cx 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).
CVE-2018-7654 1 3cx 1 3cx 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
CVE-2017-15359 1 3cx 1 3cx 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.