The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-12-25
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-05-02
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-05-02
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
CVSS Score
7.8
EPSS Score
0.003
Published
2023-03-30
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
CVSS Score
9.8
EPSS Score
0.047
Published
2022-05-06
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-03-28
3CX System through 2022-03-17 stores cleartext passwords in a database.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-28
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-08-12
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).
CVSS Score
7.5
EPSS Score
0.004
Published
2019-08-08
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-03-04
Page 1