3CX : Security Vulnerabilities, CVEs, (Directory traversal) CVSS score >= 1
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
Max CVSS
7.5
EPSS Score
0.16%
Published
2023-05-02
Updated
2023-05-10
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
Max CVSS
7.5
EPSS Score
0.16%
Published
2023-05-02
Updated
2023-05-10
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
Max CVSS
9.8
EPSS Score
1.57%
Published
2022-05-06
Updated
2023-05-02
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-03-04
Updated
2018-03-28
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
Max CVSS
6.5
EPSS Score
0.28%
Published
2017-10-18
Updated
2017-11-13
5 vulnerabilities found