CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://www.gosecure.net/blog
https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/
https://www.gosecure.net/blog
https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/

Products affected by CVE-2019-9972

3cx » Phone System » Version: N/A

cpe:2.3:h:3cx:phone_system:-
3cx » Phone System Firmware » Version: 16.0.0.1570

cpe:2.3:o:3cx:phone_system_firmware:16.0.0.1570
Debian » Debian Linux » Version: N/A

cpe:2.3:o:debian:debian_linux:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-9972

Products

Pricing

Contact Us