Vulnerability Details CVE-2017-15359
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.069
EPSS Ranking 91.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References