CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-45490

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile39.55th
Published2022年3月28日
Last Modified2024年11月21日

Vulnerability Description

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.

Affected Platforms (CPE)

📦
3cx

3cx

<= 18.0.4
📦
3cx

3cx

<= 18.0.11
📦
3cx

3cx

<= 2022-03-17

References & Advisories

🔗 https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html
🔗 https://www.3cx.com/community/forums/posts-articles-news/
🔗 https://packetstormsecurity.com/files/166376/3CX-Client-Missing-TLS-Validation.html
🔗 https://www.3cx.com/community/forums/posts-articles-news/

相關漏洞威脅

CVE-2019-99728.8

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary...

CVE-2019-99718.8

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by usi...

CVE-2019-149357.8

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allo...

CVE-2008-68957.8

3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vector...