Back to search
CVE-2017-15359
Published: Oct 18, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20171016 [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal
mailing-list
x_refsource_FULLDISC
42991
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now