First published: Mon Mar 28 2022(Updated: )
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
3cx 3cx | <=18.0.4 | |
3cx 3cx | <=18.0.11 | |
3cx 3cx | <=2022-03-17 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-45490.
The severity of CVE-2021-45490 is critical with a CVSS score of 9.1.
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android are affected.
The impact of CVE-2021-45490 is that the affected client applications lack SSL certificate validation, which can lead to man-in-the-middle attacks and unauthorized access.
To fix CVE-2021-45490, update the affected client applications to versions that include SSL certificate validation.