Vulnerabilites related to 3CX - 3CX
cve-2017-15359
Vulnerability from cvelistv5
Published
2017-10-18 18:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2017/Oct/37 | mailing-list, x_refsource_FULLDISC | |
| https://www.exploit-db.com/exploits/42991/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20171016 [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/37"
},
{
"name": "42991",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42991/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: \"/api/RecordingList/DownloadRecord?file=\" and \"/api/SupportInfo?file=\" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-19T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20171016 [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/37"
},
{
"name": "42991",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42991/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: \"/api/RecordingList/DownloadRecord?file=\" and \"/api/SupportInfo?file=\" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20171016 [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Oct/37"
},
{
"name": "42991",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42991/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15359",
"datePublished": "2017-10-18T18:00:00",
"dateReserved": "2017-10-15T00:00:00",
"dateUpdated": "2024-08-05T19:57:25.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45491
Vulnerability from cvelistv5
Published
2022-03-28 01:14
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
3CX System through 2022-03-17 stores cleartext passwords in a database.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.3cx.com/community/forums/posts-articles-news/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "3CX System through 2022-03-17 stores cleartext passwords in a database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T01:14:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "3CX System through 2022-03-17 stores cleartext passwords in a database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.3cx.com/community/forums/posts-articles-news/",
"refsource": "MISC",
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"name": "http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45491",
"datePublished": "2022-03-28T01:14:24",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7654
Vulnerability from cvelistv5
Published
2018-03-04 01:00
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
References
| ▼ | URL | Tags |
|---|---|---|
| https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a | x_refsource_MISC | |
| http://www.rootlabs.com.br/path-traversal-in-3cx/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rootlabs.com.br/path-traversal-in-3cx/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On 3CX 15.5.6354.2 devices, the parameter \"file\" in the request \"/api/RecordingList/download?file=\" allows full access to files on the server via path traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-04T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rootlabs.com.br/path-traversal-in-3cx/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On 3CX 15.5.6354.2 devices, the parameter \"file\" in the request \"/api/RecordingList/download?file=\" allows full access to files on the server via path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a",
"refsource": "MISC",
"url": "https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a"
},
{
"name": "http://www.rootlabs.com.br/path-traversal-in-3cx/",
"refsource": "MISC",
"url": "http://www.rootlabs.com.br/path-traversal-in-3cx/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7654",
"datePublished": "2018-03-04T01:00:00Z",
"dateReserved": "2018-03-03T00:00:00Z",
"dateUpdated": "2024-09-17T02:42:38.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29059
Vulnerability from cvelistv5
Published
2023-03-30 00:00
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/506.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.3cx.com/blog/news/desktopapp-security-alert/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/506.html"
},
{
"url": "https://www.3cx.com/blog/news/desktopapp-security-alert/"
},
{
"url": "https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised"
},
{
"url": "https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats"
},
{
"url": "https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/"
},
{
"url": "https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29059",
"datePublished": "2023-03-30T00:00:00",
"dateReserved": "2023-03-30T00:00:00",
"dateUpdated": "2024-08-02T14:00:14.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28005
Vulnerability from cvelistv5
Published
2022-05-06 00:00
Modified
2024-08-03 05:41
Severity ?
EPSS score ?
Summary
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:11.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.3cx.com/blog/releases/v18-update-3-final/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.3cx.com/blog/releases/v18-security-hotfix/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"url": "https://www.3cx.com/blog/releases/v18-update-3-final/"
},
{
"url": "https://www.3cx.com/blog/releases/v18-security-hotfix/"
},
{
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28005",
"datePublished": "2022-05-06T00:00:00",
"dateReserved": "2022-03-28T00:00:00",
"dateUpdated": "2024-08-03T05:41:11.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-49954
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cve-2023-49954.github.io/ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cve-2023-49954.github.io/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-25T07:19:17.468212",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cve-2023-49954.github.io/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49954",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-12-03T00:00:00",
"dateUpdated": "2024-08-02T22:09:49.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-27362
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 12:09
Severity ?
EPSS score ?
Summary
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20026.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1153/ | x_research-advisory | |
| https://www.3cx.com/blog/releases/v18-u8/ | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:3cx:3cx:18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "3cx",
"vendor": "3cx",
"versions": [
{
"status": "affected",
"version": "18"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T17:17:14.461909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:58.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1153",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1153/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.3cx.com/blog/releases/v18-u8/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "3CX",
"vendor": "3CX",
"versions": [
{
"status": "affected",
"version": "18"
}
]
}
],
"dateAssigned": "2023-02-28T12:05:54.104-06:00",
"datePublic": "2023-08-21T10:53:20.916-05:00",
"descriptions": [
{
"lang": "en",
"value": "3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20026."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:13.620Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1153",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1153/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.3cx.com/blog/releases/v18-u8/"
}
],
"source": {
"lang": "en",
"value": "Xavier DANEST"
},
"title": "3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27362",
"datePublished": "2024-05-03T01:56:13.620Z",
"dateReserved": "2023-02-28T17:58:45.484Z",
"dateUpdated": "2024-08-02T12:09:43.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13176
Vulnerability from cvelistv5
Published
2019-08-08 13:26
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-08T13:26:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/",
"refsource": "MISC",
"url": "https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13176",
"datePublished": "2019-08-08T13:26:33",
"dateReserved": "2019-07-02T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14935
Vulnerability from cvelistv5
Published
2019-08-11 23:03
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "3CX Phone 15 on Windows has insecure permissions on the \"%PROGRAMDATA%\\3CXPhone for Windows\\PhoneApp\" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-11T23:03:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "3CX Phone 15 on Windows has insecure permissions on the \"%PROGRAMDATA%\\3CXPhone for Windows\\PhoneApp\" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/",
"refsource": "MISC",
"url": "https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14935",
"datePublished": "2019-08-11T23:03:43",
"dateReserved": "2019-08-11T00:00:00",
"dateUpdated": "2024-08-05T00:34:52.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48482
Vulnerability from cvelistv5
Published
2023-05-02 00:00
Modified
2025-01-30 15:39
Severity ?
EPSS score ?
Summary
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T15:38:54.448131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T15:39:04.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-02T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48482",
"datePublished": "2023-05-02T00:00:00.000Z",
"dateReserved": "2023-05-02T00:00:00.000Z",
"dateUpdated": "2025-01-30T15:39:04.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45490
Vulnerability from cvelistv5
Published
2022-03-28 01:10
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.3cx.com/community/forums/posts-articles-news/ | x_refsource_MISC | |
| https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T01:10:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.3cx.com/community/forums/posts-articles-news/",
"refsource": "MISC",
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"name": "https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45490",
"datePublished": "2022-03-28T01:10:43",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48483
Vulnerability from cvelistv5
Published
2023-05-02 00:00
Modified
2025-01-30 16:51
Severity ?
EPSS score ?
Summary
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T16:51:18.583147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T16:51:25.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-02T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48483",
"datePublished": "2023-05-02T00:00:00.000Z",
"dateReserved": "2023-05-02T00:00:00.000Z",
"dateUpdated": "2025-01-30T16:51:25.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-03-04 01:29
Modified
2024-11-21 04:12
Severity ?
Summary
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.rootlabs.com.br/path-traversal-in-3cx/ | Third Party Advisory | |
| cve@mitre.org | https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.rootlabs.com.br/path-traversal-in-3cx/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:15.5.6354.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41885263-1D00-4A7F-B897-52863A6AE10E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On 3CX 15.5.6354.2 devices, the parameter \"file\" in the request \"/api/RecordingList/download?file=\" allows full access to files on the server via path traversal."
},
{
"lang": "es",
"value": "En dispositivos 3CX 15.5.6354.2, el par\u00e1metro \"file\" en la petici\u00f3n \"/api/RecordingList/download?file=\" permite el acceso total a archivos en el servidor mediante el salto de directorio."
}
],
"id": "CVE-2018-7654",
"lastModified": "2024-11-21T04:12:29.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-04T01:29:00.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.rootlabs.com.br/path-traversal-in-3cx/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.rootlabs.com.br/path-traversal-in-3cx/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-28 02:15
Modified
2024-11-21 06:32
Severity ?
Summary
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.3cx.com/community/forums/posts-articles-news/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.3cx.com/community/forums/posts-articles-news/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "2C9D3D50-9115-4133-98AD-CBD22F64DF8D",
"versionEndIncluding": "18.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:android:*:*",
"matchCriteriaId": "486A0282-3B86-42BF-BF20-8887CD878D22",
"versionEndIncluding": "18.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:legacy:windows:*:*",
"matchCriteriaId": "CA0B0398-637E-4B49-AAF3-46672D832F47",
"versionEndIncluding": "2022-03-17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation."
},
{
"lang": "es",
"value": "Las aplicaciones cliente en 3CX en Windows, la aplicaci\u00f3n 3CX para iOS, y la aplicaci\u00f3n 3CX para Android versiones hasta 17-03-2022 carecen de comprobaci\u00f3n de certificado SSL"
}
],
"id": "CVE-2021-45490",
"lastModified": "2024-11-21T06:32:19.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-28T02:15:06.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-02 05:15
Modified
2025-01-30 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4880CCEA-9410-4708-AB16-6EA5FA1A8437",
"versionEndExcluding": "18.0.2.315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs."
}
],
"id": "CVE-2022-48482",
"lastModified": "2025-01-30T16:15:28.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-02T05:15:27.407",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-25 08:15
Modified
2024-11-21 08:34
Severity ?
Summary
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cve-2023-49954.github.io/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve-2023-49954.github.io/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA26323-4B0D-419F-88BD-DFEE4BD66994",
"versionEndExcluding": "18.0.9.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93E5C359-516D-4652-B4E8-B57F486DAC75",
"versionEndExcluding": "20.0.0.1494",
"versionStartIncluding": "20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address."
},
{
"lang": "es",
"value": "La integraci\u00f3n de CRM en 3CX anterior a 18.0.9.23 y 20 anterior a 20.0.0.1494 permite la inyecci\u00f3n SQL a trav\u00e9s de un nombre, cadena de b\u00fasqueda o direcci\u00f3n de correo electr\u00f3nico."
}
],
"id": "CVE-2023-49954",
"lastModified": "2024-11-21T08:34:04.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-25T08:15:07.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cve-2023-49954.github.io/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cve-2023-49954.github.io/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-12 00:15
Modified
2024-11-21 04:27
Severity ?
Summary
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/ | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/ | Exploit, Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4DC720-1669-45A4-A978-118A3CF0FBCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "3CX Phone 15 on Windows has insecure permissions on the \"%PROGRAMDATA%\\3CXPhone for Windows\\PhoneApp\" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link."
},
{
"lang": "es",
"value": "Phone 15 de 3CX en Windows, presenta permisos no seguros en el directorio de instalaci\u00f3n \"%PROGRAMDATA%\\3CXPhone for Windows\\PhoneApp\", permitiendo acceso de Control total para Everyone y conlleva a una escalada de privilegios debido a un enlace StartUp."
}
],
"id": "CVE-2019-14935",
"lastModified": "2024-11-21T04:27:43.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-12T00:15:10.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-08 14:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:12.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "47B3BC8B-F9C0-4AFA-AB79-3285DF0E0138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:12.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2445E6CF-7AA6-4177-9709-8AC77400F383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:12.5.44178.1002:*:*:*:*:*:*:*",
"matchCriteriaId": "33B6412D-2C09-475F-A3DD-479613469DCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS)."
},
{
"lang": "es",
"value": "Se detecto un problema en la consola de administraci\u00f3n del sistema telef\u00f3nico 3CX (web) versiones 12.5.44178.1002 a 12.5 SP2. El componente Content.MainForm.wgx se ve afectado por XXE a trav\u00e9s de un documento XML dise\u00f1ado en datos POST. Existe la posibilidad de usar esto para SSRF (lectura de archivos locales, HTTP saliente y DNS saliente)."
}
],
"id": "CVE-2019-13176",
"lastModified": "2024-11-21T04:24:21.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-08T14:15:11.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-30 17:15
Modified
2024-11-21 07:56
Severity ?
Summary
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:18.11.1213:*:*:*:*:macos:*:*",
"matchCriteriaId": "74B53EE3-FBB8-4755-87A7-5F6E49D0A1D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:18.12.402:*:*:*:*:macos:*:*",
"matchCriteriaId": "60744EF3-A372-4C3A-834D-7413E529D9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:18.12.407:*:*:*:*:macos:*:*",
"matchCriteriaId": "621E8F42-E99A-4D88-88A5-A35C4129CC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:18.12.407:*:*:*:*:windows:*:*",
"matchCriteriaId": "41B7B637-FBA2-4D47-92D3-8D1876A496C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:18.12.416:*:*:*:*:macos:*:*",
"matchCriteriaId": "404313B1-54B9-457B-8AE0-8A574C2029E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3cx:3cx:18.12.416:*:*:*:*:windows:*:*",
"matchCriteriaId": "7CD7C3F1-14A3-4E96-81AE-DD70BD87984D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application."
}
],
"id": "CVE-2023-29059",
"lastModified": "2024-11-21T07:56:28.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-30T17:15:06.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/506.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.3cx.com/blog/news/desktopapp-security-alert/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/506.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.3cx.com/blog/news/desktopapp-security-alert/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-18 18:29
Modified
2024-11-21 03:14
Severity ?
Summary
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/Oct/37 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/42991/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Oct/37 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42991/ | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:15.5.3554.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A37C9411-04A8-4414-A7C3-994C2FEE79CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: \"/api/RecordingList/DownloadRecord?file=\" and \"/api/SupportInfo?file=\" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks."
},
{
"lang": "es",
"value": "En 3CX Phone System 15.5.3554.1, la consola de gesti\u00f3n suele escuchar al puerto 5001 y es propenso a un ataque de salto de directorio: \"/api/RecordingList/DownloadRecord?file=\" y \"/api/SupportInfo?file=\" son los par\u00e1metros vulnerables. Un atacante debe estar autenticado para explotar este problema y acceder a informaci\u00f3n sensible que pueda resultar de ayuda en futuros ataques."
}
],
"id": "CVE-2017-15359",
"lastModified": "2024-11-21T03:14:32.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T18:29:00.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/37"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42991/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Oct/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42991/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-02 05:15
Modified
2025-01-30 17:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF5885-D9C8-496B-A610-211788AB1B3E",
"versionEndExcluding": "18.0.3.461",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005."
}
],
"id": "CVE-2022-48483",
"lastModified": "2025-01-30T17:15:12.333",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-02T05:15:28.057",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-28 02:15
Modified
2024-11-21 06:32
Severity ?
Summary
3CX System through 2022-03-17 stores cleartext passwords in a database.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.3cx.com/community/forums/posts-articles-news/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.3cx.com/community/forums/posts-articles-news/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F827F0-3363-4741-96B6-EF15121706A9",
"versionEndIncluding": "2022-03-17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "3CX System through 2022-03-17 stores cleartext passwords in a database."
},
{
"lang": "es",
"value": "El Sistema 3CX versiones hasta 17-03-2022, almacena contrase\u00f1as en texto sin cifrar en una base de datos"
}
],
"id": "CVE-2021-45491",
"lastModified": "2024-11-21T06:32:19.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-28T02:15:06.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166386/3CX-Phone-System-Cleartext-Passwords.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-06 15:15
Modified
2024-11-21 06:56
Severity ?
Summary
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 | ||
| cve@mitre.org | https://www.3cx.com/blog/change-log/phone-system-change-log/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.3cx.com/blog/releases/v18-security-hotfix/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.3cx.com/blog/releases/v18-update-3-final/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.3cx.com/blog/change-log/phone-system-change-log/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.3cx.com/blog/releases/v18-security-hotfix/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.3cx.com/blog/releases/v18-update-3-final/ | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99FDE5E8-11DF-4459-83DD-454FF00AA762",
"versionEndIncluding": "18.0.3.450",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482."
},
{
"lang": "es",
"value": "Se ha detectado un problema en 3CX Phone System Management Console versiones anteriores a 18 Actualizaci\u00f3n 3 FINAL. Un atacante no autenticado podr\u00eda abusar del acceso asegurado inapropiadamente a archivos arbitrarios en el servidor, conllevando a una divulgaci\u00f3n de credenciales en texto sin cifrar. Luego, el atacante autenticado es capaz de cargar un archivo que sobrescribe un binario de servicio 3CX, conllevando a una ejecuci\u00f3n de c\u00f3digo remota como NT AUTHORITY\\SYSTEM en instalaciones Windows. Las versiones anteriores a 18, Hotfix 1 Build 18.0.3.461 March 2022, son propensas a un acceso adicional no autenticado al sistema de archivos C:\\Windows\\System32"
}
],
"id": "CVE-2022-28005",
"lastModified": "2024-11-21T06:56:35.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-06T15:15:08.787",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.3cx.com/blog/releases/v18-security-hotfix/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.3cx.com/blog/releases/v18-update-3-final/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.3cx.com/blog/releases/v18-security-hotfix/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.3cx.com/blog/releases/v18-update-3-final/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202305-0189
Vulnerability from variot
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. 3CX of 3cx Exists in a past traversal vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0189",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "lt",
"trust": 1.0,
"vendor": "3cx",
"version": "18.0.3.461"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": "18.0.3.461"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "3cx",
"scope": null,
"trust": 0.8,
"vendor": "3cx",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"db": "NVD",
"id": "CVE-2022-48483"
}
]
},
"cve": "CVE-2022-48483",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-48483",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-48483",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-48483",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-48483",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-074",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-074"
},
{
"db": "NVD",
"id": "CVE-2022-48483"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. 3CX of 3cx Exists in a past traversal vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-48483"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"db": "VULMON",
"id": "CVE-2022-48483"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-48483",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009865",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202305-074",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-48483",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-48483"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-074"
},
{
"db": "NVD",
"id": "CVE-2022-48483"
}
]
},
"id": "VAR-202305-0189",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-08-14T13:41:49.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3CX Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=236961"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-074"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"db": "NVD",
"id": "CVE-2022-48483"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"trust": 1.8,
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-48483"
},
{
"trust": 0.7,
"url": "https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-48483/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-48483"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-074"
},
{
"db": "NVD",
"id": "CVE-2022-48483"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-48483"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-074"
},
{
"db": "NVD",
"id": "CVE-2022-48483"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-48483"
},
{
"date": "2023-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"date": "2023-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-074"
},
{
"date": "2023-05-02T05:15:28.057000",
"db": "NVD",
"id": "CVE-2022-48483"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-48483"
},
{
"date": "2023-12-07T01:58:00",
"db": "JVNDB",
"id": "JVNDB-2023-009865"
},
{
"date": "2023-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-074"
},
{
"date": "2023-11-07T03:56:34.183000",
"db": "NVD",
"id": "CVE-2022-48483"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-074"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX\u00a0 of \u00a03cx\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-074"
}
],
"trust": 0.6
}
}
var-201808-0411
Vulnerability from variot
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. 3CX is an IP phone device from 3CX Corporation of the United States. The vulnerability stems from a program that failed to handle errors correctly in stack trace. An attacker could exploit the vulnerability to reveal information about the server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web server",
"scope": "eq",
"trust": 2.4,
"vendor": "3cx",
"version": "15.5.8801.3"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.6,
"vendor": "3cx",
"version": "15.5.8801.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-133"
},
{
"db": "NVD",
"id": "CVE-2018-14907"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:3cx:3cx_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
}
]
},
"cve": "CVE-2018-14907",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14907",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-16260",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14907",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14907",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-14907",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-133",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-133"
},
{
"db": "NVD",
"id": "CVE-2018-14907"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. 3CX is an IP phone device from 3CX Corporation of the United States. The vulnerability stems from a program that failed to handle errors correctly in stack trace. An attacker could exploit the vulnerability to reveal information about the server",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14907"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"db": "CNVD",
"id": "CNVD-2018-16260"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14907",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008565",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-16260",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-133",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-133"
},
{
"db": "NVD",
"id": "CVE-2018-14907"
}
]
},
"id": "VAR-201808-0411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16260"
}
],
"trust": 0.8652173999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16260"
}
]
},
"last_update_date": "2024-11-23T23:04:59.586000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.3cx.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-209",
"trust": 1.0
},
{
"problemtype": "CWE-388",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"db": "NVD",
"id": "CVE-2018-14907"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14907"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14907"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-133"
},
{
"db": "NVD",
"id": "CVE-2018-14907"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-133"
},
{
"db": "NVD",
"id": "CVE-2018-14907"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16260"
},
{
"date": "2018-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"date": "2018-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-133"
},
{
"date": "2018-08-03T18:29:00.830000",
"db": "NVD",
"id": "CVE-2018-14907"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16260"
},
{
"date": "2018-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008565"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-133"
},
{
"date": "2024-11-21T03:50:03.900000",
"db": "NVD",
"id": "CVE-2018-14907"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-133"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16260"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-133"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-133"
}
],
"trust": 0.6
}
}
var-202203-0548
Vulnerability from variot
3CX System through 2022-03-17 stores cleartext passwords in a database. 3CX of 3cx There is a vulnerability in plaintext storage of important information.Information may be obtained. 3CX Phone is a software-based private branch switch. This product can be used with SIP standard-based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution.
The 3CX Phone System has a security vulnerability that stems from the fact that the 3CX Phone System stores passwords in clear text and makes them exportable in the management interface. No detailed vulnerability details are currently provided. #############################################################
COMPASS SECURITY ADVISORY
https://www.compass-security.com/research/advisories/
Product: 3CX Phone System
Vendor: 3CX
CSNC ID: CSNC-2021-022
CVE ID: CVE-2021-45491
Subject: Exportable Cleartext Passwords
CWE-ID: CWE-257 (Storing Passwords in a Recoverable Format)
Severity: Medium
Effect: Credential Reuse
Author: Emanuel Duss emanuel.duss@compass-security.com
Date: 2022-03-17
Introduction
3CX is an open-platform office phone system that runs on premise on Windows or Linux. 3CX was built for mobility, with remote work apps that offer secured communication for the whole team. With the Android, iOS and Windows apps, business communication is no longer tied to the office building. [1]
During a customer project, we identified a security vulnerability in the 3CX system.
Affected
- All versions of the 3CX application are affected.
- There is no fix from the vendor.
This can be verified by exporting the credentials via the admin interface or by looking into the SQL database. This issue is also already documented in the community forum since 2019 [2].
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. [3]
Vulnerability Classification
CVSS v3.1 Metrics [4]:
- CVSS Base Score: 5.5 (Medium)
- CVSS Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Workaround / Fix
3CX Vendor
A password hash function such as PBKDF2, bcrypt or scrypt should be used for passwords. The passwords should also be provided with a salt that is generated individually for each user. This can make attacks that use rainbow tables or pre-calculated wordlists more difficult.
3CX Users
There is no security update for this vulnerability at the moment. According to the 3CX, the vulnerability will be tackled in future redesigns of the management console.
Timeline
2021-12-16: Vulnerability discovered 2021-12-17: Discussed vulnerability with our customer Asked 3CX for security contact on Twitter, community forum, support email and contact form. Got response via support mail. Security contact was dpo@3cx.com Provided details Requested CVE ID @ MITRE 2021-12-25: Assigned CVE-2021-45491 2022-01-03: Asked vendor if they understood the vulnerability. Answer: Report was distributed internally. 2022-01-18: Asked vendor for any updates. 2022-02-02: Asked vendor for any updates. 2022-02-10: Asked vendor for any updates. 3CX can't tell when the issue will be fixed. 2022-03-11: Asked vendor for any updates. 3CX thanked for the report. Issues will be tackled in future redesigns of the management console. 2022-03-17: Coordinated public disclosure
Acknowledgement
Thanks 3CX for the coordinated disclosure.
References
[1] https://www.3cx.com/ [2] https://www.3cx.de/forum/threads/klartext-passwort-willkommen-mail-also-auch-in-db.94280/ [3] https://cwe.mitre.org/data/definitions/257.html [4] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N&version=3.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0548",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "lte",
"trust": 1.0,
"vendor": "3cx",
"version": "2022-03-17"
},
{
"model": "3cx",
"scope": null,
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "3cx",
"scope": "lte",
"trust": 0.8,
"vendor": "3cx",
"version": "2022-03-17 and earlier"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "phone",
"scope": "lt",
"trust": 0.6,
"vendor": "3cx",
"version": "2022-03-17"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emanuel Duss",
"sources": [
{
"db": "PACKETSTORM",
"id": "166386"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
}
],
"trust": 0.7
},
"cve": "CVE-2021-45491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-45491",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-29580",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-45491",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45491",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45491",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-45491",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-29580",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1924",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-45491",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX System through 2022-03-17 stores cleartext passwords in a database. 3CX of 3cx There is a vulnerability in plaintext storage of important information.Information may be obtained. 3CX Phone is a software-based private branch switch. This product can be used with SIP standard-based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. \n\r\n\r\nThe 3CX Phone System has a security vulnerability that stems from the fact that the 3CX Phone System stores passwords in clear text and makes them exportable in the management interface. No detailed vulnerability details are currently provided. #############################################################\n#\n# COMPASS SECURITY ADVISORY\n# https://www.compass-security.com/research/advisories/\n#\n#############################################################\n#\n# Product: 3CX Phone System\n# Vendor: 3CX\n# CSNC ID: CSNC-2021-022\n# CVE ID: CVE-2021-45491\n# Subject: Exportable Cleartext Passwords\n# CWE-ID: CWE-257 (Storing Passwords in a Recoverable Format)\n# Severity: Medium\n# Effect: Credential Reuse\n# Author: Emanuel Duss \u003cemanuel.duss@compass-security.com\u003e\n# Date: 2022-03-17\n#\n#############################################################\n\nIntroduction\n------------\n\n3CX is an open-platform office phone system that runs on premise on Windows or\nLinux. 3CX was built for mobility, with remote work apps that offer secured\ncommunication for the whole team. With the Android, iOS and Windows apps,\nbusiness communication is no longer tied to the office building. [1]\n\nDuring a customer project, we identified a security vulnerability in the 3CX\nsystem. \n\n\nAffected\n--------\n\n- All versions of the 3CX application are affected. \n- There is no fix from the vendor. \n\nThis can be verified by exporting the credentials via the admin interface or by\nlooking into the SQL database. This issue is also already documented in the\ncommunity forum since 2019 [2]. \n\nThe storage of passwords in a recoverable format makes them subject to password\nreuse attacks by malicious users. In fact, it should be noted that recoverable\nencrypted passwords provide no significant benefit over plaintext passwords\nsince they are subject not only to reuse by malicious attackers but also by\nmalicious insiders. If a system administrator can recover a password directly,\nor use a brute force search on the available information, the administrator can\nuse the password on other accounts. [3]\n\n\nVulnerability Classification\n----------------------------\n\nCVSS v3.1 Metrics [4]:\n\n- CVSS Base Score: 5.5 (Medium)\n- CVSS Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N\n\n\nWorkaround / Fix\n----------------\n\n# 3CX Vendor\n\nA password hash function such as PBKDF2, bcrypt or scrypt should be used for\npasswords. The passwords should also be provided with a salt that is generated\nindividually for each user. This can make attacks that use rainbow tables or\npre-calculated wordlists more difficult. \n\n# 3CX Users\n\nThere is no security update for this vulnerability at the moment. According to\nthe 3CX, the vulnerability will be tackled in future redesigns of the\nmanagement console. \n\n\nTimeline\n--------\n\n2021-12-16: Vulnerability discovered\n2021-12-17: Discussed vulnerability with our customer\n Asked 3CX for security contact on Twitter, community forum, support\n email and contact form. \n Got response via support mail. Security contact was dpo@3cx.com\n Provided details\n Requested CVE ID @ MITRE\n2021-12-25: Assigned CVE-2021-45491\n2022-01-03: Asked vendor if they understood the vulnerability. \n Answer: Report was distributed internally. \n2022-01-18: Asked vendor for any updates. \n2022-02-02: Asked vendor for any updates. \n2022-02-10: Asked vendor for any updates. 3CX can\u0027t tell when the issue will\n be fixed. \n2022-03-11: Asked vendor for any updates. 3CX thanked for the report. Issues\n will be tackled in future redesigns of the management console. \n2022-03-17: Coordinated public disclosure\n\n\nAcknowledgement\n---------------\n\nThanks 3CX for the coordinated disclosure. \n\n\nReferences\n----------\n\n[1] https://www.3cx.com/\n[2] https://www.3cx.de/forum/threads/klartext-passwort-willkommen-mail-also-auch-in-db.94280/\n[3] https://cwe.mitre.org/data/definitions/257.html\n[4] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N\u0026version=3.1\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "PACKETSTORM",
"id": "166386"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45491",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "166386",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-29580",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022030096",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45491",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "PACKETSTORM",
"id": "166386"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"id": "VAR-202203-0548",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
}
],
"trust": 1.2326087000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
}
]
},
"last_update_date": "2024-11-23T22:47:29.740000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2023/04/12/3cx_client_update_for_security/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45491"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://packetstormsecurity.com/files/166386/3cx-phone-system-cleartext-passwords.html"
},
{
"trust": 2.5,
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45491"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022030096"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-45491/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2023/04/12/3cx_client_update_for_security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/257.html"
},
{
"trust": 0.1,
"url": "https://www.3cx.de/forum/threads/klartext-passwort-willkommen-mail-also-auch-in-db.94280/"
},
{
"trust": 0.1,
"url": "https://www.compass-security.com/research/advisories/"
},
{
"trust": 0.1,
"url": "https://www.3cx.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=av:n/ac:l/pr:h/ui:n/s:c/c:l/i:l/a:n\u0026version=3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "PACKETSTORM",
"id": "166386"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "PACKETSTORM",
"id": "166386"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"date": "2022-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"date": "2022-03-21T22:27:59",
"db": "PACKETSTORM",
"id": "166386"
},
{
"date": "2022-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"date": "2022-03-28T02:15:06.990000",
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"date": "2022-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"date": "2023-07-13T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"date": "2024-11-21T06:32:19.773000",
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX\u00a0 of \u00a03cx\u00a0 Vulnerability in plaintext storage of important information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
}
],
"trust": 0.6
}
}
var-202303-2580
Vulnerability from variot
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application. 3CX multiple of OS for 3cx Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-2580",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "eq",
"trust": 1.8,
"vendor": "3cx",
"version": "18.12.407"
},
{
"model": "3cx",
"scope": "eq",
"trust": 1.8,
"vendor": "3cx",
"version": "18.12.402"
},
{
"model": "3cx",
"scope": "eq",
"trust": 1.8,
"vendor": "3cx",
"version": "18.11.1213"
},
{
"model": "3cx",
"scope": "eq",
"trust": 1.8,
"vendor": "3cx",
"version": "18.12.416"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "3cx",
"scope": null,
"trust": 0.8,
"vendor": "3cx",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"db": "NVD",
"id": "CVE-2023-29059"
}
]
},
"cve": "CVE-2023-29059",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-29059",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-29059",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-29059",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-29059",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202303-2681",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-2681"
},
{
"db": "NVD",
"id": "CVE-2023-29059"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application. 3CX multiple of OS for 3cx Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-29059"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"db": "VULMON",
"id": "CVE-2023-29059"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-29059",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006580",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202303-2681",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-29059",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-29059"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-2681"
},
{
"db": "NVD",
"id": "CVE-2023-29059"
}
]
},
"id": "VAR-202303-2580",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-08-14T14:49:12.020000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3CX Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=231833"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-2681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"db": "NVD",
"id": "CVE-2023-29059"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cwe.mitre.org/data/definitions/506.html"
},
{
"trust": 2.5,
"url": "https://www.3cx.com/blog/news/desktopapp-security-alert/"
},
{
"trust": 2.5,
"url": "https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised"
},
{
"trust": 2.5,
"url": "https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats"
},
{
"trust": 2.5,
"url": "https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/"
},
{
"trust": 2.5,
"url": "https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29059"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-29059/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-29059"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-2681"
},
{
"db": "NVD",
"id": "CVE-2023-29059"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-29059"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-2681"
},
{
"db": "NVD",
"id": "CVE-2023-29059"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29059"
},
{
"date": "2023-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"date": "2023-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-2681"
},
{
"date": "2023-03-30T17:15:06.830000",
"db": "NVD",
"id": "CVE-2023-29059"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29059"
},
{
"date": "2023-11-15T07:31:00",
"db": "JVNDB",
"id": "JVNDB-2023-006580"
},
{
"date": "2023-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-2681"
},
{
"date": "2023-04-10T16:29:50.317000",
"db": "NVD",
"id": "CVE-2023-29059"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-2681"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX\u00a0 multiple of \u00a0OS\u00a0 for \u00a03cx\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-006580"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-2681"
}
],
"trust": 0.6
}
}
var-202305-0262
Vulnerability from variot
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. 3CX of 3cx Exists in a past traversal vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0262",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "lt",
"trust": 1.0,
"vendor": "3cx",
"version": "18.0.2.315"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": "18.0.2.315"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "3cx",
"scope": null,
"trust": 0.8,
"vendor": "3cx",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"db": "NVD",
"id": "CVE-2022-48482"
}
]
},
"cve": "CVE-2022-48482",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-48482",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-48482",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-48482",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-48482",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-076",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-076"
},
{
"db": "NVD",
"id": "CVE-2022-48482"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. 3CX of 3cx Exists in a past traversal vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-48482"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"db": "VULMON",
"id": "CVE-2022-48482"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-48482",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009866",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202305-076",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-48482",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-48482"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-076"
},
{
"db": "NVD",
"id": "CVE-2022-48482"
}
]
},
"id": "VAR-202305-0262",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-08-14T15:16:04.948000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3CX Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=236962"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-076"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"db": "NVD",
"id": "CVE-2022-48482"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"trust": 1.8,
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-48482"
},
{
"trust": 0.7,
"url": "https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-48482/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-48482"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-076"
},
{
"db": "NVD",
"id": "CVE-2022-48482"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-48482"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-076"
},
{
"db": "NVD",
"id": "CVE-2022-48482"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-48482"
},
{
"date": "2023-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"date": "2023-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-076"
},
{
"date": "2023-05-02T05:15:27.407000",
"db": "NVD",
"id": "CVE-2022-48482"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-48482"
},
{
"date": "2023-12-07T02:01:00",
"db": "JVNDB",
"id": "JVNDB-2023-009866"
},
{
"date": "2023-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-076"
},
{
"date": "2023-11-07T03:56:34.117000",
"db": "NVD",
"id": "CVE-2022-48482"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-076"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX\u00a0 of \u00a03cx\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009866"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-076"
}
],
"trust": 0.6
}
}
var-201710-0666
Vulnerability from variot
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks. 3CX Phone System Contains a path traversal vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0666",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "eq",
"trust": 1.6,
"vendor": "3cx",
"version": "15.5.3554.1"
},
{
"model": "phone system",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": "15.5.3554.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-606"
},
{
"db": "NVD",
"id": "CVE-2017-15359"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:3cx:phone_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
}
]
},
"cve": "CVE-2017-15359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-15359",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-15359",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-15359",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-15359",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-606",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-606"
},
{
"db": "NVD",
"id": "CVE-2017-15359"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: \"/api/RecordingList/DownloadRecord?file=\" and \"/api/SupportInfo?file=\" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks. 3CX Phone System Contains a path traversal vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15359"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15359",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "42991",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009564",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-606",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-606"
},
{
"db": "NVD",
"id": "CVE-2017-15359"
}
]
},
"id": "VAR-201710-0666",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-11-23T23:02:20.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.3cx.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
},
{
"db": "NVD",
"id": "CVE-2017-15359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2017/oct/37"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/42991/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15359"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15359"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-606"
},
{
"db": "NVD",
"id": "CVE-2017-15359"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-606"
},
{
"db": "NVD",
"id": "CVE-2017-15359"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009564"
},
{
"date": "2017-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-606"
},
{
"date": "2017-10-18T18:29:00.487000",
"db": "NVD",
"id": "CVE-2017-15359"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009564"
},
{
"date": "2017-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-606"
},
{
"date": "2024-11-21T03:14:32.590000",
"db": "NVD",
"id": "CVE-2017-15359"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-606"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Phone System Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009564"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-606"
}
],
"trust": 0.6
}
}
var-201808-0410
Vulnerability from variot
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. 3CX Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. 3CX is an IP phone device from 3CX Corporation of the United States. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0410",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web server",
"scope": "eq",
"trust": 2.4,
"vendor": "3cx",
"version": "15.5.8801.3"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.6,
"vendor": "3cx",
"version": "15.5.8801.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17519"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-134"
},
{
"db": "NVD",
"id": "CVE-2018-14906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:3cx:3cx_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
}
]
},
"cve": "CVE-2018-14906",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14906",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-17519",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-14906",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14906",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-14906",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-17519",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-134",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-14906",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17519"
},
{
"db": "VULMON",
"id": "CVE-2018-14906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-134"
},
{
"db": "NVD",
"id": "CVE-2018-14906"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces\u0027 propertyPath parameters. 3CX Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. 3CX is an IP phone device from 3CX Corporation of the United States. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"db": "CNVD",
"id": "CNVD-2018-17519"
},
{
"db": "VULMON",
"id": "CVE-2018-14906"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14906",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008570",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-17519",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-134",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-14906",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17519"
},
{
"db": "VULMON",
"id": "CVE-2018-14906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-134"
},
{
"db": "NVD",
"id": "CVE-2018-14906"
}
]
},
"id": "VAR-201808-0410",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17519"
}
],
"trust": 0.8652173999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17519"
}
]
},
"last_update_date": "2024-11-23T22:41:42.224000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.3cx.com/"
},
{
"title": "https://github.com/sketler/sketler",
"trust": 0.1,
"url": "https://github.com/sketler/sketler "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-14906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"db": "NVD",
"id": "CVE-2018-14906"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14906"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14906"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sketler/sketler"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17519"
},
{
"db": "VULMON",
"id": "CVE-2018-14906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-134"
},
{
"db": "NVD",
"id": "CVE-2018-14906"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-17519"
},
{
"db": "VULMON",
"id": "CVE-2018-14906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-134"
},
{
"db": "NVD",
"id": "CVE-2018-14906"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-17519"
},
{
"date": "2018-08-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14906"
},
{
"date": "2018-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"date": "2018-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-134"
},
{
"date": "2018-08-03T18:29:00.797000",
"db": "NVD",
"id": "CVE-2018-14906"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-17519"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14906"
},
{
"date": "2018-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008570"
},
{
"date": "2018-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-134"
},
{
"date": "2024-11-21T03:50:03.670000",
"db": "NVD",
"id": "CVE-2018-14906"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-134"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008570"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-134"
}
],
"trust": 0.6
}
}
var-202308-3003
Vulnerability from variot
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20026
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": null,
"trust": 0.7,
"vendor": "3cx",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1153"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xavier DANEST",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1153"
}
],
"trust": 0.7
},
"cve": "CVE-2023-27362",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2023-27362",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2023-27362",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-27362",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2023-27362",
"trust": 0.7,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1153"
},
{
"db": "NVD",
"id": "CVE-2023-27362"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. \n\nThe specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20026",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27362"
},
{
"db": "ZDI",
"id": "ZDI-23-1153"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27362",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-23-1153",
"trust": 1.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-20026",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1153"
},
{
"db": "NVD",
"id": "CVE-2023-27362"
}
]
},
"id": "VAR-202308-3003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-08-14T14:30:19.218000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3CX has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.3cx.com/blog/releases/v18-u8/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1153"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27362"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.3cx.com/blog/releases/v18-u8/"
},
{
"trust": 1.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-1153/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1153"
},
{
"db": "NVD",
"id": "CVE-2023-27362"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-1153"
},
{
"db": "NVD",
"id": "CVE-2023-27362"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1153"
},
{
"date": "2024-05-03T02:15:14.350000",
"db": "NVD",
"id": "CVE-2023-27362"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "ZDI",
"id": "ZDI-23-1153"
},
{
"date": "2024-05-03T12:50:34.250000",
"db": "NVD",
"id": "CVE-2023-27362"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-1153"
}
],
"trust": 0.7
}
}
var-201808-0409
Vulnerability from variot
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. 3CX Web server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. 3CX is an IP phone device from 3CX Corporation of the United States. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0409",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web server",
"scope": "eq",
"trust": 2.4,
"vendor": "3cx",
"version": "15.5.8801.3"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.6,
"vendor": "3cx",
"version": "15.5.8801.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-135"
},
{
"db": "NVD",
"id": "CVE-2018-14905"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:3cx:3cx_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
}
]
},
"cve": "CVE-2018-14905",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14905",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-14787",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-14905",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14905",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-14905",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-14787",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-135",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-135"
},
{
"db": "NVD",
"id": "CVE-2018-14905"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. 3CX Web server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. 3CX is an IP phone device from 3CX Corporation of the United States. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14905"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"db": "CNVD",
"id": "CNVD-2018-14787"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14905",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008564",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-14787",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-135",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-135"
},
{
"db": "NVD",
"id": "CVE-2018-14905"
}
]
},
"id": "VAR-201808-0409",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14787"
}
],
"trust": 0.8652173999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14787"
}
]
},
"last_update_date": "2024-11-23T21:38:26.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.3cx.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"db": "NVD",
"id": "CVE-2018-14905"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14905"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14905"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-135"
},
{
"db": "NVD",
"id": "CVE-2018-14905"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-14787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-135"
},
{
"db": "NVD",
"id": "CVE-2018-14905"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-14787"
},
{
"date": "2018-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"date": "2018-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-135"
},
{
"date": "2018-08-03T18:29:00.750000",
"db": "NVD",
"id": "CVE-2018-14905"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-14787"
},
{
"date": "2018-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008564"
},
{
"date": "2018-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-135"
},
{
"date": "2024-11-21T03:50:03.503000",
"db": "NVD",
"id": "CVE-2018-14905"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-135"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14787"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-135"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-135"
}
],
"trust": 0.6
}
}
var-201908-0857
Vulnerability from variot
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0857",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "eq",
"trust": 1.0,
"vendor": "3cx",
"version": "12.5.44178.1002"
},
{
"model": "3cx",
"scope": "eq",
"trust": 1.0,
"vendor": "3cx",
"version": "12.5"
},
{
"model": "phone system",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": "12.5.44178.1002 to 12.5 sp2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
},
{
"db": "NVD",
"id": "CVE-2019-13176"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:3cx:phone_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
}
]
},
"cve": "CVE-2019-13176",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13176",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13176",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13176",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13176",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-577",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-577"
},
{
"db": "NVD",
"id": "CVE-2019-13176"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13176"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13176",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008470",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-577",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-577"
},
{
"db": "NVD",
"id": "CVE-2019-13176"
}
]
},
"id": "VAR-201908-0857",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-11-23T22:25:48.620000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.3cx.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
},
{
"db": "NVD",
"id": "CVE-2019-13176"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13176"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13176"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-577"
},
{
"db": "NVD",
"id": "CVE-2019-13176"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-577"
},
{
"db": "NVD",
"id": "CVE-2019-13176"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008470"
},
{
"date": "2019-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-577"
},
{
"date": "2019-08-08T14:15:11.617000",
"db": "NVD",
"id": "CVE-2019-13176"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008470"
},
{
"date": "2019-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-577"
},
{
"date": "2024-11-21T04:24:21.667000",
"db": "NVD",
"id": "CVE-2019-13176"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Phone system management console In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008470"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-577"
}
],
"trust": 0.6
}
}
var-202312-0781
Vulnerability from variot
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-0781",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "gte",
"trust": 1.0,
"vendor": "3cx",
"version": "20.0"
},
{
"model": "3cx",
"scope": "lt",
"trust": 1.0,
"vendor": "3cx",
"version": "18.0.9.23"
},
{
"model": "3cx",
"scope": "lt",
"trust": 1.0,
"vendor": "3cx",
"version": "20.0.0.1494"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49954"
}
]
},
"cve": "CVE-2023-49954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-49954",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-49954",
"trust": 1.0,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49954"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-49954",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49954"
}
]
},
"id": "VAR-202312-0781",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-08-14T13:19:36.478000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://cve-2023-49954.github.io/"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-49954"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-49954"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-25T08:15:07.933000",
"db": "NVD",
"id": "CVE-2023-49954"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-03T22:32:37.550000",
"db": "NVD",
"id": "CVE-2023-49954"
}
]
}
}
var-202205-0167
Vulnerability from variot
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. 3CX of 3cx There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\Windows\System32
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "lte",
"trust": 1.0,
"vendor": "3cx",
"version": "18.0.3.450"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "3cx",
"scope": "lte",
"trust": 0.8,
"vendor": "3cx",
"version": "18.0.3.450 and earlier"
},
{
"model": "3cx",
"scope": null,
"trust": 0.8,
"vendor": "3cx",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"db": "NVD",
"id": "CVE-2022-28005"
}
]
},
"cve": "CVE-2022-28005",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-28005",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-28005",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-28005",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-28005",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-28005",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2568",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2568"
},
{
"db": "NVD",
"id": "CVE-2022-28005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. 3CX of 3cx There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\\Windows\\System32",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-28005"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"db": "VULMON",
"id": "CVE-2022-28005"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-28005",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009465",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2568",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-28005",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-28005"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2568"
},
{
"db": "NVD",
"id": "CVE-2022-28005"
}
]
},
"id": "VAR-202205-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-11-23T21:50:32.137000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3CX Phone system ( web ) management console Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193414"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2568"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"db": "NVD",
"id": "CVE-2022-28005"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.3cx.com/blog/releases/v18-security-hotfix/"
},
{
"trust": 2.5,
"url": "https://www.3cx.com/blog/change-log/phone-system-change-log/"
},
{
"trust": 2.5,
"url": "https://www.3cx.com/blog/releases/v18-update-3-final/"
},
{
"trust": 1.4,
"url": "https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"trust": 1.0,
"url": "https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28005"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-28005/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-28005"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2568"
},
{
"db": "NVD",
"id": "CVE-2022-28005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-28005"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2568"
},
{
"db": "NVD",
"id": "CVE-2022-28005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2022-28005"
},
{
"date": "2023-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"date": "2022-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2568"
},
{
"date": "2022-05-06T15:15:08.787000",
"db": "NVD",
"id": "CVE-2022-28005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2022-28005"
},
{
"date": "2023-08-04T08:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-009465"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2568"
},
{
"date": "2024-11-21T06:56:35.623000",
"db": "NVD",
"id": "CVE-2022-28005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2568"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX\u00a0 of \u00a03cx\u00a0 Vulnerability regarding insufficient protection of authentication information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009465"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2568"
}
],
"trust": 0.6
}
}
var-201803-2274
Vulnerability from variot
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. 3CX The device contains a path traversal vulnerability.Information may be obtained. 3CXdevices is an IP telephony device from 3CX Corporation of the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "eq",
"trust": 1.6,
"vendor": "3cx",
"version": "15.5.6354.2"
},
{
"model": "phone system",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": "15.5.6354.2"
},
{
"model": "devices",
"scope": "eq",
"trust": 0.6,
"vendor": "3cx",
"version": "15.5.6354.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-063"
},
{
"db": "NVD",
"id": "CVE-2018-7654"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:3cx:phone_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
}
]
},
"cve": "CVE-2018-7654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2018-7654",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-04732",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7654",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7654",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7654",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-04732",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-063",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-063"
},
{
"db": "NVD",
"id": "CVE-2018-7654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On 3CX 15.5.6354.2 devices, the parameter \"file\" in the request \"/api/RecordingList/download?file=\" allows full access to files on the server via path traversal. 3CX The device contains a path traversal vulnerability.Information may be obtained. 3CXdevices is an IP telephony device from 3CX Corporation of the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7654"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"db": "CNVD",
"id": "CNVD-2018-04732"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7654",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002714",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-04732",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-063",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-063"
},
{
"db": "NVD",
"id": "CVE-2018-7654"
}
]
},
"id": "VAR-201803-2274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04732"
}
],
"trust": 1.2326087000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04732"
}
]
},
"last_update_date": "2024-11-23T22:22:11.001000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.3cx.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"db": "NVD",
"id": "CVE-2018-7654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.rootlabs.com.br/path-traversal-in-3cx/"
},
{
"trust": 2.2,
"url": "https://medium.com/stolabs/path-traversal-in-3cx-7421a8ffdb7a"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7654"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7654"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-063"
},
{
"db": "NVD",
"id": "CVE-2018-7654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-063"
},
{
"db": "NVD",
"id": "CVE-2018-7654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04732"
},
{
"date": "2018-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"date": "2018-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-063"
},
{
"date": "2018-03-04T01:29:00.487000",
"db": "NVD",
"id": "CVE-2018-7654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04732"
},
{
"date": "2018-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002714"
},
{
"date": "2018-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-063"
},
{
"date": "2024-11-21T04:12:29.060000",
"db": "NVD",
"id": "CVE-2018-7654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-063"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Device Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04732"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-063"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-063"
}
],
"trust": 0.6
}
}
var-201908-0626
Vulnerability from variot
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. 3CX Phone Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3CX Phone is a software-based dedicated branch switch. The product works with SIP-based IP phones, SIP trunks, and VoIP gateways to provide a complete communications solution. An attacker could exploit this vulnerability to increase privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0626",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "eq",
"trust": 1.0,
"vendor": "3cx",
"version": "15"
},
{
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": "15"
},
{
"model": "phone",
"scope": "eq",
"trust": 0.6,
"vendor": "3cx",
"version": "15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-31334"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"db": "NVD",
"id": "CVE-2019-14935"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:3cx:3cx_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
}
]
},
"cve": "CVE-2019-14935",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-14935",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-31334",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-14935",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-14935",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-14935",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-31334",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-666",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-31334"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-666"
},
{
"db": "NVD",
"id": "CVE-2019-14935"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Phone 15 on Windows has insecure permissions on the \"%PROGRAMDATA%\\3CXPhone for Windows\\PhoneApp\" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. 3CX Phone Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3CX Phone is a software-based dedicated branch switch. The product works with SIP-based IP phones, SIP trunks, and VoIP gateways to provide a complete communications solution. An attacker could exploit this vulnerability to increase privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14935"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"db": "CNVD",
"id": "CNVD-2019-31334"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-14935",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008353",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-31334",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201908-666",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-31334"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-666"
},
{
"db": "NVD",
"id": "CVE-2019-14935"
}
]
},
"id": "VAR-201908-0626",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-31334"
}
],
"trust": 1.2326087000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-31334"
}
]
},
"last_update_date": "2024-11-23T22:25:48.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "security issue with 3cx windows client install",
"trust": 0.8,
"url": "https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "CWE-275",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"db": "NVD",
"id": "CVE-2019-14935"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14935"
},
{
"trust": 1.6,
"url": "https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14935"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-31334"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-666"
},
{
"db": "NVD",
"id": "CVE-2019-14935"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-31334"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-666"
},
{
"db": "NVD",
"id": "CVE-2019-14935"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-31334"
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"date": "2019-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-666"
},
{
"date": "2019-08-12T00:15:10.570000",
"db": "NVD",
"id": "CVE-2019-14935"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-31334"
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008353"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-666"
},
{
"date": "2024-11-21T04:27:43.150000",
"db": "NVD",
"id": "CVE-2019-14935"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-666"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX Phone Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008353"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-666"
}
],
"trust": 0.6
}
}
var-202203-0951
Vulnerability from variot
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. 3CX of Iphone_os for 3cx Exists in a certificate validation vulnerability.Information may be obtained and information may be tampered with. #############################################################
COMPASS SECURITY ADVISORY
https://www.compass-security.com/research/advisories/
Product: 3CX Client for Windows (legacy), Android & iOS
Vendor: 3CX
CSNC ID: CSNC-2021-021
CVE ID: CVE-2021-45490
Subject: Missing Certificate Verification
CWE-ID: CWE-295 (Improper Certificate Validation)
Severity: Medium
Effect: Network Traffic Decryption and Manipulation
Author: Emanuel Duss emanuel.duss@compass-security.com
Date: 2022-03-17
Introduction
3CX is an open-platform office phone system that runs on premise on Windows or Linux. 3CX was built for mobility, with remote work apps that offer secured communication for the whole team. These applications do not verify the TLS certificate of the 3CX server. - There is no fix from the vendor at the moment. - The new Electron based 3CX Desktop App is not affected.
This allows an attacker between the 3CX application and the 3CX server to split the TLS traffic and therefore read and manipulate the transmitted data.
For example, the data required for provisioning a new device can be read every time when the app is started. This data can then be used to provision another app.
Thus, attackers can provision an own device and use the entire functionality of the app. This includes:
- List companies in the phone book
- Make phone calls
- Listen to voice box
- etc.
This attack can for example be reproduced by performing an ARP spoofing attack in the network against the target client and by using Burp Suite as a transparent HTTP proxy.
Vulnerability Classification
CVSS v3.1 Metrics [2]:
- CVSS Base Score: 6.5 (Medium)
- CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Workaround / Fix
3CX Vendor
The app should correctly verify the server's certificate using the system CA store or implement certificate pinning in the apps.
3CX Users
There is no security update for this vulnerability at the moment. According to the 3CX, the vulnerability will be tackled in future redesigns of the mobile apps.
Users of the legacy Windows client can switch to the new Electron based 3CX Desktop App which is not affected.
Timeline
2021-12-16: Vulnerability discovered 2021-12-17: Discussed vulnerability with our customer Asked 3CX for security contact on Twitter, community forum, support email and contact form. Got response via support mail. Security contact was dpo@3cx.com Provided details Requested CVE ID @ MITRE 2021-12-25: Assigned CVE-2021-45490 2022-01-03: Asked vendor if they understood the vulnerability. Answer: Report was distributed internally. 2022-01-18: Asked vendor for any updates. 2022-02-02: Asked vendor for any updates. 2022-02-10: Asked vendor for any updates. 3CX can't tell when the issue will be fixed. 2022-03-11: Asked vendor for any updates. 3CX thanked for the report. Issues will be tackled in future redesigns of the mobile apps. 2022-03-17: Coordinated public disclosure
Acknowledgement
Thanks 3CX for the coordinated dicslosure.
References
[1] https://www.3cx.com/ [2] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N&version=3.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0951",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "lte",
"trust": 1.0,
"vendor": "3cx",
"version": "18.0.11"
},
{
"model": "3cx",
"scope": "lte",
"trust": 1.0,
"vendor": "3cx",
"version": "18.0.4"
},
{
"model": "3cx",
"scope": "lte",
"trust": 1.0,
"vendor": "3cx",
"version": "2022-03-17"
},
{
"model": "3cx",
"scope": "lte",
"trust": 0.8,
"vendor": "3cx",
"version": "2022-03-17 and earlier"
},
{
"model": "3cx",
"scope": null,
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "3cx",
"scope": "lte",
"trust": 0.8,
"vendor": "3cx",
"version": "18.0.4 and earlier"
},
{
"model": "3cx",
"scope": "lte",
"trust": 0.8,
"vendor": "3cx",
"version": "18.0.11 and earlier"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"db": "NVD",
"id": "CVE-2021-45490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emanuel Duss",
"sources": [
{
"db": "PACKETSTORM",
"id": "166376"
}
],
"trust": 0.1
},
"cve": "CVE-2021-45490",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-45490",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45490",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45490",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45490",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-45490",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1927",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1927"
},
{
"db": "NVD",
"id": "CVE-2021-45490"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. 3CX of Iphone_os for 3cx Exists in a certificate validation vulnerability.Information may be obtained and information may be tampered with. #############################################################\n#\n# COMPASS SECURITY ADVISORY\n# https://www.compass-security.com/research/advisories/\n#\n#############################################################\n#\n# Product: 3CX Client for Windows (legacy), Android \u0026 iOS\n# Vendor: 3CX\n# CSNC ID: CSNC-2021-021\n# CVE ID: CVE-2021-45490\n# Subject: Missing Certificate Verification\n# CWE-ID: CWE-295 (Improper Certificate Validation)\n# Severity: Medium\n# Effect: Network Traffic Decryption and Manipulation\n# Author: Emanuel Duss \u003cemanuel.duss@compass-security.com\u003e\n# Date: 2022-03-17\n#\n#############################################################\n\nIntroduction\n------------\n\n3CX is an open-platform office phone system that runs on premise on Windows or\nLinux. 3CX was built for mobility, with remote work apps that offer secured\ncommunication for the whole team. These applications do not verify\nthe TLS certificate of the 3CX server. \n- There is no fix from the vendor at the moment. \n- The new Electron based 3CX Desktop App is not affected. \n\nThis allows an attacker between the 3CX application and the 3CX server to split\nthe TLS traffic and therefore read and manipulate the transmitted data. \n\nFor example, the data required for provisioning a new device can be read every\ntime when the app is started. This data can then be used to provision another\napp. \n\nThus, attackers can provision an own device and use the entire functionality of\nthe app. This includes:\n\n- List companies in the phone book\n- Make phone calls\n- Listen to voice box\n- etc. \n\nThis attack can for example be reproduced by performing an ARP spoofing attack\nin the network against the target client and by using Burp Suite as a\ntransparent HTTP proxy. \n\n\nVulnerability Classification\n----------------------------\n\nCVSS v3.1 Metrics [2]:\n\n- CVSS Base Score: 6.5 (Medium)\n- CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\n\n\nWorkaround / Fix\n----------------\n\n# 3CX Vendor\n\nThe app should correctly verify the server\u0027s certificate using the system CA\nstore or implement certificate pinning in the apps. \n\n# 3CX Users\n\nThere is no security update for this vulnerability at the moment. According to\nthe 3CX, the vulnerability will be tackled in future redesigns of the mobile\napps. \n\nUsers of the legacy Windows client can switch to the new Electron based 3CX\nDesktop App which is not affected. \n\n\nTimeline\n--------\n\n2021-12-16: Vulnerability discovered\n2021-12-17: Discussed vulnerability with our customer\n Asked 3CX for security contact on Twitter, community forum, support\n email and contact form. \n Got response via support mail. Security contact was dpo@3cx.com\n Provided details\n Requested CVE ID @ MITRE\n2021-12-25: Assigned CVE-2021-45490\n2022-01-03: Asked vendor if they understood the vulnerability. \n Answer: Report was distributed internally. \n2022-01-18: Asked vendor for any updates. \n2022-02-02: Asked vendor for any updates. \n2022-02-10: Asked vendor for any updates. 3CX can\u0027t tell when the issue will\n be fixed. \n2022-03-11: Asked vendor for any updates. 3CX thanked for the report. \n Issues will be tackled in future redesigns of the mobile apps. \n2022-03-17: Coordinated public disclosure\n\n\nAcknowledgement\n---------------\n\nThanks 3CX for the coordinated dicslosure. \n\n\nReferences\n----------\n\n[1] https://www.3cx.com/\n[2] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\u0026version=3.1\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45490"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"db": "PACKETSTORM",
"id": "166376"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45490",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "166376",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019061",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1927",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"db": "PACKETSTORM",
"id": "166376"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1927"
},
{
"db": "NVD",
"id": "CVE-2021-45490"
}
]
},
"id": "VAR-202203-0951",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2652174
},
"last_update_date": "2024-11-23T23:00:53.184000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.0
},
{
"problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"db": "NVD",
"id": "CVE-2021-45490"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://packetstormsecurity.com/files/166376/3cx-client-missing-tls-validation.html"
},
{
"trust": 2.4,
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45490"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-45490/"
},
{
"trust": 0.1,
"url": "https://www.compass-security.com/research/advisories/"
},
{
"trust": 0.1,
"url": "https://www.3cx.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=av:n/ac:h/pr:n/ui:n/s:u/c:l/i:l/a:n\u0026version=3.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"db": "PACKETSTORM",
"id": "166376"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1927"
},
{
"db": "NVD",
"id": "CVE-2021-45490"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"db": "PACKETSTORM",
"id": "166376"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1927"
},
{
"db": "NVD",
"id": "CVE-2021-45490"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"date": "2022-03-21T17:36:33",
"db": "PACKETSTORM",
"id": "166376"
},
{
"date": "2022-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1927"
},
{
"date": "2022-03-28T02:15:06.950000",
"db": "NVD",
"id": "CVE-2021-45490"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T08:39:00",
"db": "JVNDB",
"id": "JVNDB-2021-019061"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1927"
},
{
"date": "2024-11-21T06:32:19.597000",
"db": "NVD",
"id": "CVE-2021-45490"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1927"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX\u00a0 of \u00a0Iphone_os\u00a0 for \u00a03cx\u00a0 Certificate validation vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019061"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1927"
}
],
"trust": 0.6
}
}