Description
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.
References
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
Together
cpe:2.3:o:3cx:phone_system_firmware:16.0.0.1570:*:*:*:*:*:*:*
cpe:2.3:h:3cx:phone_system:-:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*
EPSS
Percentile: 67%
0.00553
Low
8.8 High
CVSS3
9 Critical
CVSS2
Weaknesses
CWE-77
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.