cvedb.io
CVE-2022-28005
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-05-06T15:15:08.787 · Last modified 2026-06-17T04:37:50.650

Summary

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482.

Affected products

3cx — 3cx

Does this affect you?

Add your gear to cvedb and we'll alert you only when 3cx ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.