← Back

Phone System Firmware

phone_system_firmware

Vendor: 3cx • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-9972
23cx
Debian
2Debian Linux
Phone System Firmware
Nov 21, 2024
Jun 7, 2022
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shi...Show more
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.Show less
CVE-2019-9971
23cx
Debian
2Debian Linux
Phone System Firmware
Nov 21, 2024
Jun 7, 2022
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka post...Show more
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo.Show less