31 matches found
Malicious code in 3cx-call-control-apps (npm)
Source: ghsa-malware ca09aeb5dd1513eb46048a6987f18b72f8c9f52ba8340cefc8521c2138be8503 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
3CX Security Vulnerability
3CX is an IP PBX, an IP-based corporate phone system built on open software standards, that provides complete unified communications. A security vulnerability exists in 3CX version 18 that stems from an uncontrolled search path local elevation of privilege vulnerability that allows ...
3CX Security Vulnerabilities
3CX is an IP PBX, an IP-based corporate phone system built on open software standards, that provides complete unified communications. A security vulnerability exists in 3CX versions prior to 18.0.9.23, 20.x through 20.0.0.1494, which stems from a vulnerability that allows SQL injection by name,...
VulnCheck KEV: CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...
PT-2023-21079 · Openssl +1
Name of the Vulnerable Software and Affected Versions: 3CX (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order...
CVE-2022-48483
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an...
3CX Path Traversal Vulnerability
3CX is an IP PBX, an IP-based corporate phone system built on open software standards, that provides complete unified communications. A security vulnerability exists in 3CX that stems from a directory traversal vulnerability in the /Electron/download interface, which allows certain files to be read...
3CX Path Traversal Vulnerability
3CX is an IP PBX, an IP-based corporate phone system built on open software standards, that provides complete unified communications. A security vulnerability exists in 3CX that stems from a directory traversal vulnerability in the /Electron/download interface, which allows reading the...
PT-2023-15816 · 3Cx
Name of the Vulnerable Software and Affected Versions: 3CX versions prior to 18 Hotfix 1 build 18.0.3.461. Description: The issue allows unauthenticated remote attackers to read files in the %WINDIR%\system32 directory via directory traversal in the /Electron/download endpoint, specifically when...
PT-2023-15815 · 3Cx
Name of the Vulnerable Software and Affected Versions: 3CX versions prior to 18 Update 2 Security Hotfix build 18.0.2.315. Description: The issue allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. These files may contain credentials, full...
CISA Releases Malware Analysis Report on ICONICSTEALER
CISA has released a new Malware Analysis Report (MAR) on an infostealer known as ICONICSTEALER. This trojan has been identified as a variant of malware used in the supply chain attack against 3CX’s Desktop App. CISA recommends that users and administrators review the following resources for more...
North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack
Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose...
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
3CX Security Vulnerability
3CX is an IP PBX, an IP-based corporate phone system built on open software standards, that provides complete unified communications. A security vulnerability exists in 3CX version 18.12.416 and earlier, which stems from the inclusion of embedded malicious code...
VulnCheck KEV: CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
3CX Phone Security Vulnerability
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone System version 16.0.0.1570, which stems from the -z aka...
3CX Phone System (Web) Management Console Security Vulnerability
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone system web management console version 18.0. An attacker could exploi...
CVE-2021-45490
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation...
3CX Phone System Security Vulnerability
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in the 3CX Phone System that stems from the 3CX Phone System storing passwords in...
3CX Client Trust Management Vulnerability
3CX is an IP PBX, an IP-based corporate phone system built on open software standards, that provides complete unified communications. A trust management vulnerability exists in 3CX Client, which stems from 3CX Client not properly validating TLS certificates. No detailed vulnerability details...