First published: Fri May 06 2022
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 3CX 3CX | <=18.0.3.450 | Upgrade to version 18 Update 3 FINAL |
CVE-2022-28005 is a vulnerability discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL.
The severity of CVE-2022-28005 is critical with a CVSS score of 9.8.
CVE-2022-28005 allows an unauthenticated attacker to abuse improperly secured access and gain unauthorized access to arbitrary files on the server.
To fix CVE-2022-28005, it is recommended to upgrade the 3CX Phone System Management Console to version 18 Update 3 FINAL or apply the necessary security hotfix.
You can find more information about CVE-2022-28005 in the provided references: [link1], [link2], [link3].
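As an added illustration of the flaw described above (example code written for this page, not 3CX's own), the first function resolves a requested download path only after treating backslashes as directory separators, which is the gap a fix that strips only `../` leaves open on Windows; the second flags requests to the download endpoint that carry a traversal step in any spelling. The download root and the log lines are constructed assumptions.

```python
import os
import re
from urllib.parse import unquote

# Added example, not 3CX code. The root directory is a hypothetical stand-in.
DOWNLOAD_ROOT = os.path.abspath("electron_downloads")


def safe_download_path(requested, root=DOWNLOAD_ROOT):
    """Resolve `requested` inside `root`; return None if it would escape.

    A filter that only strips "../" misses "..\\" components, which Windows
    also treats as a directory step, so both separators are normalised first.
    """
    decoded = unquote(unquote(requested))        # also catches double encoding
    normalised = decoded.replace("\\", "/")      # treat "\" exactly like "/"
    parts = [p for p in normalised.split("/") if p not in ("", ".")]
    if ".." in parts:                            # any traversal step is rejected
        return None
    candidate = os.path.abspath(os.path.join(root, *parts))
    if os.path.commonpath([root, candidate]) != root:  # belt and braces
        return None
    return candidate


# Detection side: flag requests to the download endpoint whose path carries a
# traversal step in any spelling (raw, URL-encoded, or with backslashes).
TRAVERSAL = re.compile(r"\.\.(/|\\|%2f|%5c)", re.IGNORECASE)


def find_traversal_requests(log_lines):
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        path = m.group(1)
        if path.lower().startswith("/electron/download") and TRAVERSAL.search(unquote(path)):
            hits.append(path)
    return hits


# Constructed web-server log lines (not real 3CX logs) to exercise the detector.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/May/2022:10:00:00 +0000] "GET /Electron/download/report.pdf HTTP/1.1" 200 512',
    '10.0.0.9 - - [06/May/2022:10:00:01 +0000] "GET /Electron/download/..%5C..%5Csample.txt HTTP/1.1" 200 233',
    '10.0.0.9 - - [06/May/2022:10:00:02 +0000] "GET /Electron/download/../../sample.txt HTTP/1.1" 404 0',
    '10.0.0.7 - - [06/May/2022:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Note that the two flagged sample lines differ only in separator spelling and status code, which is exactly the pattern an incomplete traversal fix produces.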