CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

OSV•added 2022/06/07 6:15 p.m.•2 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

8.8CVSS7.4AI score0.0075EPSS

Exploits1References2

NVD•added 2022/06/07 6:15 p.m.•10 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...

9CVSS0.00324EPSS

Exploits1References3

NVD•added 2022/06/07 6:15 p.m.•14 views

CVE-2019-9972

9CVSS0.0075EPSS

Exploits1References2

Prion•added 2022/06/07 6:15 p.m.•18 views

Command injection

9CVSS8.7AI score0.00324EPSS

Exploits1References3Affected Software1

Prion•added 2022/06/07 6:15 p.m.•14 views

Command injection

9CVSS8.6AI score0.0075EPSS

Exploits1References2Affected Software1

CVE•added 2022/06/07 5:57 p.m.•54 views

CVE-2019-9972

The CVE-2019-9972 issue affects 3CX Phone System (Debian-based) version 16.0.0.1570, where an authenticated attacker can run arbitrary commands as the phonesystem user due to mishandling of a local input pattern: " followed by ". The vulnerability is a command injection in the PhoneSystem Termina...

9CVSS8.6AI score0.0075EPSS

Exploits1References2Affected Software1