← back
CVE-2017-15359

CVE-2017-15359

EPSS 6.2%
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42991/unverifiedexploitdbwww.exploit-db.com/exploits/42991unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2017/Oct/37https://www.exploit-db.com/exploits/42991/