Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49954 | 1 3cx | 1 3cx | 2024-02-05 | N/A | 9.8 CRITICAL |
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. | |||||
CVE-2022-48482 | 2 3cx, Microsoft | 2 3cx, Windows | 2024-02-04 | N/A | 7.5 HIGH |
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. | |||||
CVE-2022-48483 | 1 3cx | 1 3cx | 2024-02-04 | N/A | 7.5 HIGH |
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. | |||||
CVE-2021-45490 | 1 3cx | 1 3cx | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. | |||||
CVE-2021-45491 | 1 3cx | 1 3cx | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
3CX System through 2022-03-17 stores cleartext passwords in a database. | |||||
CVE-2022-28005 | 1 3cx | 1 3cx | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. | |||||
CVE-2019-14935 | 2 3cx, Microsoft | 2 3cx, Windows | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | |||||
CVE-2019-13176 | 1 3cx | 1 3cx | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS). | |||||
CVE-2018-7654 | 1 3cx | 1 3cx | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. | |||||
CVE-2017-15359 | 1 3cx | 1 3cx | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks. |