Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 88.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
Products affected by CVE-2022-28005
  • 3cx » 3cx » Version: N/A
    cpe:2.3:a:3cx:3cx:-
  • 3cx » 3cx » Version: 12.5
    cpe:2.3:a:3cx:3cx:12.5
  • 3cx » 3cx » Version: 12.5.44178.1002
    cpe:2.3:a:3cx:3cx:12.5.44178.1002
  • 3cx » 3cx » Version: 15
    cpe:2.3:a:3cx:3cx:15
  • 3cx » 3cx » Version: 15.5.3554.1
    cpe:2.3:a:3cx:3cx:15.5.3554.1
  • 3cx » 3cx » Version: 15.5.6354.2
    cpe:2.3:a:3cx:3cx:15.5.6354.2
  • 3cx » 3cx » Version: 18.0.0.1029
    cpe:2.3:a:3cx:3cx:18.0.0.1029
  • 3cx » 3cx » Version: 18.0.0.1142
    cpe:2.3:a:3cx:3cx:18.0.0.1142
  • 3cx » 3cx » Version: 18.0.0.1379
    cpe:2.3:a:3cx:3cx:18.0.0.1379
  • 3cx » 3cx » Version: 18.0.0.1608
    cpe:2.3:a:3cx:3cx:18.0.0.1608
  • 3cx » 3cx » Version: 18.0.0.1849
    cpe:2.3:a:3cx:3cx:18.0.0.1849
  • 3cx » 3cx » Version: 18.0.0.1863
    cpe:2.3:a:3cx:3cx:18.0.0.1863
  • 3cx » 3cx » Version: 18.0.0.1865
    cpe:2.3:a:3cx:3cx:18.0.0.1865
  • 3cx » 3cx » Version: 18.0.0.1871
    cpe:2.3:a:3cx:3cx:18.0.0.1871
  • 3cx » 3cx » Version: 18.0.0.1880
    cpe:2.3:a:3cx:3cx:18.0.0.1880
  • 3cx » 3cx » Version: 18.0.0.451
    cpe:2.3:a:3cx:3cx:18.0.0.451
  • 3cx » 3cx » Version: 18.0.1.214
    cpe:2.3:a:3cx:3cx:18.0.1.214
  • 3cx » 3cx » Version: 18.0.1.226
    cpe:2.3:a:3cx:3cx:18.0.1.226
  • 3cx » 3cx » Version: 18.0.1.234
    cpe:2.3:a:3cx:3cx:18.0.1.234
  • 3cx » 3cx » Version: 18.0.1.237
    cpe:2.3:a:3cx:3cx:18.0.1.237
  • 3cx » 3cx » Version: 18.0.2.302
    cpe:2.3:a:3cx:3cx:18.0.2.302
  • 3cx » 3cx » Version: 18.0.2.307
    cpe:2.3:a:3cx:3cx:18.0.2.307
  • 3cx » 3cx » Version: 18.0.2.314
    cpe:2.3:a:3cx:3cx:18.0.2.314
  • 3cx » 3cx » Version: 18.0.2.315
    cpe:2.3:a:3cx:3cx:18.0.2.315
  • 3cx » 3cx » Version: 18.0.3.444
    cpe:2.3:a:3cx:3cx:18.0.3.444
  • 3cx » 3cx » Version: 18.0.3.450
    cpe:2.3:a:3cx:3cx:18.0.3.450


Products
Pricing
Contact Us

Shodan ® - All rights reserved