Vulnerabilities (CVE)

Filtered by vendor 3cx Subscribe
Filtered by product Phone System Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9972 2 3cx, Debian 3 Phone System, Phone System Firmware, Debian Linux 2024-11-21 9.0 HIGH 8.8 HIGH
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.
CVE-2019-9971 2 3cx, Debian 3 Phone System, Phone System Firmware, Debian Linux 2024-11-21 9.0 HIGH 8.8 HIGH
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo.