CyberSec.Space Logo
Back to CVE Browser

CVE-2021-45490

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile39.55th
PublishedMar 28, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.

Affected Platforms (CPE)

πŸ“¦
3cx

3cx

<= 18.0.4
πŸ“¦
3cx

3cx

<= 18.0.11
πŸ“¦
3cx

3cx

<= 2022-03-17

References & Advisories

πŸ”— https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html
πŸ”— https://www.3cx.com/community/forums/posts-articles-news/
πŸ”— https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html
πŸ”— https://www.3cx.com/community/forums/posts-articles-news/

Related Vulnerabilities

CVE-2019-99728.8

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary...

CVE-2019-99718.8

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by usi...

CVE-2019-149357.8

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allo...

CVE-2008-68957.8

3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vector...