Vulnerabilities > 3CX > Phone System Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-07 CVE-2019-9971 Improper Privilege Management vulnerability in multiple products
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password.
network
low complexity
3cx debian CWE-269
8.8
2022-06-07 CVE-2019-9972 Command Injection vulnerability in multiple products
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.
network
low complexity
3cx debian CWE-77
8.8