{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-28005","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-03T05:41:11.265Z","dateReserved":"2022-03-28T00:00:00.000Z","datePublished":"2022-05-06T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-05-02T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://www.3cx.com/blog/change-log/phone-system-change-log/"},{"url":"https://www.3cx.com/blog/releases/v18-update-3-final/"},{"url":"https://www.3cx.com/blog/releases/v18-security-hotfix/"},{"url":"https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T05:41:11.265Z"},"title":"CVE Program Container","references":[{"url":"https://www.3cx.com/blog/change-log/phone-system-change-log/","tags":["x_transferred"]},{"url":"https://www.3cx.com/blog/releases/v18-update-3-final/","tags":["x_transferred"]},{"url":"https://www.3cx.com/blog/releases/v18-security-hotfix/","tags":["x_transferred"]},{"url":"https://medium.com/%40frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88","tags":["x_transferred"]}]}]}}