CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49954
https://notcve.org/view.php?id=CVE-2023-49954
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. La integración de CRM en 3CX anterior a 18.0.9.23 y 20 anterior a 20.0.0.1494 permite la inyección SQL a través de un nombre, cadena de búsqueda o dirección de correo electrónico. • https://github.com/CVE-2023-49954/CVE-2023-49954.github.io https://cve-2023-49954.github.io • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27362 – 3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27362
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.3cx.com/blog/releases/v18-u8 https://www.zerodayinitiative.com/advisories/ZDI-23-1153 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48483
https://notcve.org/view.php?id=CVE-2022-48483
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 https://www.3cx.com/blog/change-log/phone-system-change-log • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48482
https://notcve.org/view.php?id=CVE-2022-48482
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 https://www.3cx.com/blog/change-log/phone-system-change-log • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-28005
https://notcve.org/view.php?id=CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. Se ha detectado un problema en 3CX Phone System Management Console versiones anteriores a 18 Actualización 3 FINAL. • https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 https://www.3cx.com/blog/change-log/phone-system-change-log https://www.3cx.com/blog/releases/v18-security-hotfix https://www.3cx.com/blog/releases/v18-update-3-final • CWE-522: Insufficiently Protected Credentials •