Every CVE whose affected-product data names 3cx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-49954 — CVSS 9.8 (critical): The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email…
CVE-2022-28005 — CVSS 9.8 (critical): An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could…
CVE-2021-45490 — CVSS 9.1 (critical): The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate…
CVE-2023-27362 — CVSS 7.8 (high): 3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on…
CVE-2019-14935 — CVSS 7.8 (high): 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full…
CVE-2023-29059 — CVSS 7.8 (high): 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and…
CVE-2019-13176 — CVSS 7.5 (high): An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx…
CVE-2022-48482 — CVSS 7.5 (high): 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via…
CVE-2022-48483 — CVSS 7.5 (high): 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via…
CVE-2017-15359 — CVSS 6.5 (medium): In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack…
CVE-2018-7654 — CVSS 6.5 (medium): On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the…