Vulnerabilities > 3CX > Phone System Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-07 | CVE-2019-9971 | Improper Privilege Management vulnerability in multiple products PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. | 8.8 |
2022-06-07 | CVE-2019-9972 | Command Injection vulnerability in multiple products PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. | 8.8 |