CVE-2023-49954
https://notcve.org/view.php?id=CVE-2023-49954
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. • https://github.com/CVE-2023-49954/CVE-2023-49954.github.io https://cve-2023-49954.github.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-27362 – 3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27362
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.3cx.com/blog/releases/v18-u8 https://www.zerodayinitiative.com/advisories/ZDI-23-1153 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-48482
https://notcve.org/view.php?id=CVE-2022-48482
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 https://www.3cx.com/blog/change-log/phone-system-change-log • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-48483
https://notcve.org/view.php?id=CVE-2022-48483
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 https://www.3cx.com/blog/change-log/phone-system-change-log • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-29059
https://notcve.org/view.php?id=CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application. • https://cwe.mitre.org/data/definitions/506.html https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack https://www.3cx.com/blog/news/desktopapp-security-alert https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats •