MidnightBSD

Advisories for 3cx

CVE-2014-10386 MEDIUM

The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2016-10879 MEDIUM

The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2017-15359 MEDIUM

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
3cx 3cx 15.5.3554.1
CVE-2017-18507 MEDIUM

The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2017-18508 MEDIUM

The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat *
wp-livechat wp_live_chat_support *
CVE-2017-2187 MEDIUM

Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2018-11105 MEDIUM

There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2018-12426 HIGH

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2018-14905 MEDIUM

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx 3cx_web_server 15.5.8801.3
CVE-2018-14906 MEDIUM

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx 3cx_web_server 15.5.8801.3
CVE-2018-14907 MEDIUM

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,

Products Affected

Vendor Product Version
3cx 3cx_web_server 15.5.8801.3
CVE-2018-18460 MEDIUM

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat 8.0.15
CVE-2018-7654 MEDIUM

On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
3cx 3cx 15.5.6354.2
CVE-2018-9864 MEDIUM

The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2019-11185 HIGH

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2019-12498 HIGH

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2019-13176 MEDIUM

An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
3cx 3cx 12.5
3cx 3cx 12.5.44178.1002
CVE-2019-14935 MEDIUM

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
3cx 3cx 15
CVE-2019-14950 MEDIUM

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2019-9913 MEDIUM

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
3cx live_chat *
CVE-2019-9971 HIGH

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
debian debian_linux -
3cx phone_system_firmware 16.0.0.1570
CVE-2019-9972 HIGH

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
debian debian_linux -
3cx phone_system_firmware 16.0.0.1570
CVE-2021-45490 MEDIUM

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
3cx 3cx *
CVE-2021-45491 MEDIUM

3CX System through 2022-03-17 stores cleartext passwords in a database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
3cx 3cx *
CVE-2022-27438 MEDIUM

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494,

Products Affected

Vendor Product Version
jpsoft take_command 28.2.18
realdefense mypasslock 1.9.6
rstinstruments dt2055b_firmware 1.19.4.0
rstinstruments portable_tilt_meter_firmware 1.20.1
rstinstruments dtsaa_firmware 1.19.4.0
krylack zip_password_recovery 3.70.69
rstinstruments inclinalysis_digital_inclinometer 2.48.9
freesnippingtool free_snipping_tool 5.6.0.0
rstinstruments vw2106_firmware -
codesector teracopy 3.8.5
rstinstruments dt2011_firmware 1.19.4.0
rstinstruments dt4205_firmware 1.19.4.0
krylack rar_password_recovery 3.70.69
rstinstruments dt2050b_firmware 1.19.4.0
rstinstruments gaa2820_firmware 1.19.4.0
rstinstruments rstar_rtu_host 1.33.0
rstinstruments sg350_firmware 1.4.0.2
rstinstruments ir420_firmware 1.4.0.2
flamory flamory 4.2.19.0
fxsound fxsound 1.1.12.0
krylack burning_suite 1.20.05
rstinstruments ipi_utility 1.05.0
krylack asterisks_password_decryptor 3.31.107
xsplit xsplit_express_video_editor 3.0.2001.801
urban-vpn urban_vpn 2.2.5
rstinstruments dt2011b_firmware 1.19.4.0
rstinstruments dt2306_firmware 1.19.4.0
rovio bad_piggies 1.3.0
rstinstruments dt2350_firmware 1.19.4.0
rstinstruments qb120_firmware 1.4.0.2
nefarius scptoolkit 1.6.238.16010
getmailbird mailbird 2.9.50.0
rstinstruments dtl201b/2b_firmware 1.19.4.0
moonsoftware password_agent 20.10.1
rstinstruments dt2040_firmware 1.19.4.0
rstinstruments th2016b_firmware 1.4.0.2
caphyon advanced_installer *
codesector direct_folders 4.0
jki vi_package_manager 21.1.2754
rstinstruments dt2050_firmware 1.19.4.0
realdefense mycleanid 4.1.4
rstinstruments th2016_firmware 1.4.0.2
rstinstruments vw0420_firmware 1.33.0
vrdesktop virtual_desktop_streamer 1.20.16
plagiarismcheckerx plagiarism_checker_x 8.0.6
realdefense mycleanpc 4.0.2
vpnhood vpnhood 2.4.299
rstinstruments rtu_firmware 1.19.4.0
prusa3d prusaslicer 2.4.2
rovio angry_birds_space 1.4.1
rstinstruments mems_tilt_meter_firmware 1.20.1
vigem vigembus_driver 1.16.116
krylack volume_serial_number_editor 2.02.34
gamecaster gamecaster 4.0.2109.2802
rstinstruments mtcm_firmware 1.19.4.0
rstinstruments ma7_firmware 1.4.0.2
rstinstruments lp100_firmware 1.4.0.2
rstinstruments ic6560_firmware 1.19.4.0
gainedge better_explorer 2020.3.15.1304
3cx call_flow_designer 18.2.13
3cx crm_template_generator 2.1.23
honeygain honeygain 0.10.7.0
rstinstruments ic6660_firmware 1.19.4.0
krylack archive_password_recovery 3.70.69
guzogo guzogo 1.0.5.0
rstinstruments dt2485_firmware 1.19.4.0
synaptics displaylink_usb_graphics *
boom boomtv_streamer_portal 2.2.1
emeditor emeditor 21.3.0
rstinstruments c109_firmware 1.4.0.2
CVE-2022-28005 MEDIUM

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
3cx 3cx *
CVE-2022-48482

3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.

Products Affected

Vendor Product Version
3cx 3cx *
CVE-2022-48483

3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.

Products Affected

Vendor Product Version
3cx 3cx *
CVE-2023-27362

3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20026.

Products Affected

Vendor Product Version
3cx 3cx *
CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
3cx 3cx 18.12.416
3cx 3cx 18.12.407
3cx 3cx 18.11.1213
3cx 3cx 18.12.402
CVE-2023-49954

The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
3cx 3cx *