3cx Security Vulnerabilities and Issues — 3cx CVE List

Lucene search

3cx3cx

3 matches found

CVE•added 2022/03/28 2:15 a.m.•97 views

CVE-2021-45491

3CX System through 2022-03-17 stores cleartext passwords in a database.

6.5CVSS6.4AI score0.00115EPSS

CVE•added 2017/10/18 6:29 p.m.•62 views

CVE-2017-15359

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to a...

6.5CVSS6.2AI score0.06863EPSS

CVE•added 2018/03/04 1:29 a.m.•35 views

CVE-2018-7654

On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.

6.5CVSS6.4AI score0.00405EPSS