CVE-2022-28005 Information

Description

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server leading to cleartext credential disclosure. Afterwards the authenticated attacker is able to upload a file that overwrites a 3CX service binary leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. Versions prior to version 18 Hotfix 1 Build 18.0.3.461 March 2022 are prone to an additional unauthenticated file system access to C:\Windows\System32.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.3cx.com/blog/releases/v18-security-hotfix/ https://www.3cx.com/blog/change-log/phone-system-change-log/ https://www.3cx.com/blog/releases/v18-update-3-final/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8