var-202203-0548
Vulnerability from variot
3CX System through 2022-03-17 stores cleartext passwords in a database. 3CX of 3cx There is a vulnerability in plaintext storage of important information.Information may be obtained. 3CX Phone is a software-based private branch switch. This product can be used with SIP standard-based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution.
The 3CX Phone System has a security vulnerability that stems from the fact that the 3CX Phone System stores passwords in clear text and makes them exportable in the management interface. No detailed vulnerability details are currently provided. #############################################################
COMPASS SECURITY ADVISORY
https://www.compass-security.com/research/advisories/
Product: 3CX Phone System
Vendor: 3CX
CSNC ID: CSNC-2021-022
CVE ID: CVE-2021-45491
Subject: Exportable Cleartext Passwords
CWE-ID: CWE-257 (Storing Passwords in a Recoverable Format)
Severity: Medium
Effect: Credential Reuse
Author: Emanuel Duss emanuel.duss@compass-security.com
Date: 2022-03-17
Introduction
3CX is an open-platform office phone system that runs on premise on Windows or Linux. 3CX was built for mobility, with remote work apps that offer secured communication for the whole team. With the Android, iOS and Windows apps, business communication is no longer tied to the office building. [1]
During a customer project, we identified a security vulnerability in the 3CX system.
Affected
- All versions of the 3CX application are affected.
- There is no fix from the vendor.
This can be verified by exporting the credentials via the admin interface or by looking into the SQL database. This issue is also already documented in the community forum since 2019 [2].
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. [3]
Vulnerability Classification
CVSS v3.1 Metrics [4]:
- CVSS Base Score: 5.5 (Medium)
- CVSS Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Workaround / Fix
3CX Vendor
A password hash function such as PBKDF2, bcrypt or scrypt should be used for passwords. The passwords should also be provided with a salt that is generated individually for each user. This can make attacks that use rainbow tables or pre-calculated wordlists more difficult.
3CX Users
There is no security update for this vulnerability at the moment. According to the 3CX, the vulnerability will be tackled in future redesigns of the management console.
Timeline
2021-12-16: Vulnerability discovered 2021-12-17: Discussed vulnerability with our customer Asked 3CX for security contact on Twitter, community forum, support email and contact form. Got response via support mail. Security contact was dpo@3cx.com Provided details Requested CVE ID @ MITRE 2021-12-25: Assigned CVE-2021-45491 2022-01-03: Asked vendor if they understood the vulnerability. Answer: Report was distributed internally. 2022-01-18: Asked vendor for any updates. 2022-02-02: Asked vendor for any updates. 2022-02-10: Asked vendor for any updates. 3CX can't tell when the issue will be fixed. 2022-03-11: Asked vendor for any updates. 3CX thanked for the report. Issues will be tackled in future redesigns of the management console. 2022-03-17: Coordinated public disclosure
Acknowledgement
Thanks 3CX for the coordinated disclosure.
References
[1] https://www.3cx.com/ [2] https://www.3cx.de/forum/threads/klartext-passwort-willkommen-mail-also-auch-in-db.94280/ [3] https://cwe.mitre.org/data/definitions/257.html [4] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N&version=3.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0548",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3cx",
"scope": "lte",
"trust": 1.0,
"vendor": "3cx",
"version": "2022-03-17"
},
{
"model": "3cx",
"scope": null,
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "3cx",
"scope": "lte",
"trust": 0.8,
"vendor": "3cx",
"version": "2022-03-17 and earlier"
},
{
"model": "3cx",
"scope": "eq",
"trust": 0.8,
"vendor": "3cx",
"version": null
},
{
"model": "phone",
"scope": "lt",
"trust": 0.6,
"vendor": "3cx",
"version": "2022-03-17"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emanuel Duss",
"sources": [
{
"db": "PACKETSTORM",
"id": "166386"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
}
],
"trust": 0.7
},
"cve": "CVE-2021-45491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-45491",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-29580",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-45491",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45491",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45491",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-45491",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-29580",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1924",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-45491",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX System through 2022-03-17 stores cleartext passwords in a database. 3CX of 3cx There is a vulnerability in plaintext storage of important information.Information may be obtained. 3CX Phone is a software-based private branch switch. This product can be used with SIP standard-based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. \n\r\n\r\nThe 3CX Phone System has a security vulnerability that stems from the fact that the 3CX Phone System stores passwords in clear text and makes them exportable in the management interface. No detailed vulnerability details are currently provided. #############################################################\n#\n# COMPASS SECURITY ADVISORY\n# https://www.compass-security.com/research/advisories/\n#\n#############################################################\n#\n# Product: 3CX Phone System\n# Vendor: 3CX\n# CSNC ID: CSNC-2021-022\n# CVE ID: CVE-2021-45491\n# Subject: Exportable Cleartext Passwords\n# CWE-ID: CWE-257 (Storing Passwords in a Recoverable Format)\n# Severity: Medium\n# Effect: Credential Reuse\n# Author: Emanuel Duss \u003cemanuel.duss@compass-security.com\u003e\n# Date: 2022-03-17\n#\n#############################################################\n\nIntroduction\n------------\n\n3CX is an open-platform office phone system that runs on premise on Windows or\nLinux. 3CX was built for mobility, with remote work apps that offer secured\ncommunication for the whole team. With the Android, iOS and Windows apps,\nbusiness communication is no longer tied to the office building. [1]\n\nDuring a customer project, we identified a security vulnerability in the 3CX\nsystem. \n\n\nAffected\n--------\n\n- All versions of the 3CX application are affected. \n- There is no fix from the vendor. \n\nThis can be verified by exporting the credentials via the admin interface or by\nlooking into the SQL database. This issue is also already documented in the\ncommunity forum since 2019 [2]. \n\nThe storage of passwords in a recoverable format makes them subject to password\nreuse attacks by malicious users. In fact, it should be noted that recoverable\nencrypted passwords provide no significant benefit over plaintext passwords\nsince they are subject not only to reuse by malicious attackers but also by\nmalicious insiders. If a system administrator can recover a password directly,\nor use a brute force search on the available information, the administrator can\nuse the password on other accounts. [3]\n\n\nVulnerability Classification\n----------------------------\n\nCVSS v3.1 Metrics [4]:\n\n- CVSS Base Score: 5.5 (Medium)\n- CVSS Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N\n\n\nWorkaround / Fix\n----------------\n\n# 3CX Vendor\n\nA password hash function such as PBKDF2, bcrypt or scrypt should be used for\npasswords. The passwords should also be provided with a salt that is generated\nindividually for each user. This can make attacks that use rainbow tables or\npre-calculated wordlists more difficult. \n\n# 3CX Users\n\nThere is no security update for this vulnerability at the moment. According to\nthe 3CX, the vulnerability will be tackled in future redesigns of the\nmanagement console. \n\n\nTimeline\n--------\n\n2021-12-16: Vulnerability discovered\n2021-12-17: Discussed vulnerability with our customer\n Asked 3CX for security contact on Twitter, community forum, support\n email and contact form. \n Got response via support mail. Security contact was dpo@3cx.com\n Provided details\n Requested CVE ID @ MITRE\n2021-12-25: Assigned CVE-2021-45491\n2022-01-03: Asked vendor if they understood the vulnerability. \n Answer: Report was distributed internally. \n2022-01-18: Asked vendor for any updates. \n2022-02-02: Asked vendor for any updates. \n2022-02-10: Asked vendor for any updates. 3CX can\u0027t tell when the issue will\n be fixed. \n2022-03-11: Asked vendor for any updates. 3CX thanked for the report. Issues\n will be tackled in future redesigns of the management console. \n2022-03-17: Coordinated public disclosure\n\n\nAcknowledgement\n---------------\n\nThanks 3CX for the coordinated disclosure. \n\n\nReferences\n----------\n\n[1] https://www.3cx.com/\n[2] https://www.3cx.de/forum/threads/klartext-passwort-willkommen-mail-also-auch-in-db.94280/\n[3] https://cwe.mitre.org/data/definitions/257.html\n[4] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N\u0026version=3.1\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "PACKETSTORM",
"id": "166386"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45491",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "166386",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-29580",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022030096",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45491",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "PACKETSTORM",
"id": "166386"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"id": "VAR-202203-0548",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
}
],
"trust": 1.2326087000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
}
]
},
"last_update_date": "2024-11-23T22:47:29.740000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2023/04/12/3cx_client_update_for_security/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45491"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://packetstormsecurity.com/files/166386/3cx-phone-system-cleartext-passwords.html"
},
{
"trust": 2.5,
"url": "https://www.3cx.com/community/forums/posts-articles-news/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45491"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022030096"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-45491/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2023/04/12/3cx_client_update_for_security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/257.html"
},
{
"trust": 0.1,
"url": "https://www.3cx.de/forum/threads/klartext-passwort-willkommen-mail-also-auch-in-db.94280/"
},
{
"trust": 0.1,
"url": "https://www.compass-security.com/research/advisories/"
},
{
"trust": 0.1,
"url": "https://www.3cx.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=av:n/ac:l/pr:h/ui:n/s:c/c:l/i:l/a:n\u0026version=3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "PACKETSTORM",
"id": "166386"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"db": "PACKETSTORM",
"id": "166386"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"date": "2022-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"date": "2022-03-21T22:27:59",
"db": "PACKETSTORM",
"id": "166386"
},
{
"date": "2022-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"date": "2022-03-28T02:15:06.990000",
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-29580"
},
{
"date": "2022-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45491"
},
{
"date": "2023-07-13T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-019014"
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1924"
},
{
"date": "2024-11-21T06:32:19.773000",
"db": "NVD",
"id": "CVE-2021-45491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3CX\u00a0 of \u00a03cx\u00a0 Vulnerability in plaintext storage of important information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1924"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.