First published: Tue May 02 2023(Updated: )
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
3CX 3CX | <18.0.2.315 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-48482.
CVE-2022-48482 has a severity level of 7.5 (high).
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows is affected by CVE-2022-48482.
Unauthenticated remote attackers can exploit CVE-2022-48482 by reading certain files via /Electron/download directory traversal.
By exploiting CVE-2022-48482, attackers can potentially access files containing credentials, full backups, call recordings, and chat logs.