CVE-2022-28005: Security & Memory Hotfix Available for V18 Update 3
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker can upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are additionally prone to unauthenticated file system access to C:\Windows\System32.
Security & Memory Hotfix Available for V18 Update 3
Posted on March 21st, 2022 by Keith Winhall, Product Communicator, 3CX
A hotfix is available for V18 Update 3 which addresses the following:
- Fix for a security vulnerability
- Fix for a memory leak affecting business systems under particular conditions
- Fix for an application crash of the call manager when under DDoS attack
We urge you to install the Hotfix as soon as possible to keep your 3CX system secure.
To install the Hotfix:
Click on “Updates” in the Management Console’s Dashboard, then select “Hotfix 1 (Security and Memory Issue)” to install this update on your PBX.