CVE-2021-45490 Information

Description

The client applications in 3CX on Windows the 3CX app for iOS and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html https://www.3cx.com/community/forums/posts-articles-news/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

9.1