CVE-2022-48482

Published: May 2, 2023

Modified: Jan 30, 2025

PUBLISHED

Description

3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.3cx.com/blog/change-log/phone-system-change-log/

https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48482

Description

Affected Products

References