CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://www.gosecure.net/blog
https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/
https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/
https://www.gosecure.net/blog
https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/
https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/

Products affected by CVE-2019-9971

3cx » Phone System » Version: N/A

cpe:2.3:h:3cx:phone_system:-
3cx » Phone System Firmware » Version: 16.0.0.1570

cpe:2.3:o:3cx:phone_system_firmware:16.0.0.1570
Debian » Debian Linux » Version: N/A

cpe:2.3:o:debian:debian_linux:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-9971

Products

Pricing

Contact Us