CVE-2022-28005: Security & Memory Hotfix Available for V18 Update 3

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 (March 2022), are additionally prone to unauthenticated file system access to C:\Windows\System32.


Security & Memory Hotfix Available for V18 Update 3

Posted on March 21st, 2022 by Keith Winhall, Product Communicator, 3CX

A hotfix is available for V18 Update 3 which addresses the following:

  • Fix for a security vulnerability
  • Fix for a memory leak affecting business systems in particular conditions
  • Fix for an application crash of the call manager when under DDoS attack

We urge you to install the Hotfix as soon as possible to keep your 3CX system secure.

To install the Hotfix

Click on “Updates” in the Management Console’s Dashboard, then select “Hotfix 1 (Security and Memory Issue)” to install this update on your PBX.
