PT-2009-2365 · 3Cx · 3Cx Phone System

Chris Castaldo

Publicado

2009-08-03

Atualizado

2017-08-17

CVE-2008-6896

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: 3CX Phone System version 6.0.806.0

Description: The issue in 3CX Phone System allows remote attackers to gain sensitive information when the disk capacity is fully utilized. This is due to the login.php file revealing the installation path via unspecified vectors.

Recommendations: For 3CX Phone System version 6.0.806.0, consider restricting access to the login.php file until a patch is available to prevent sensitive information disclosure. Additionally, ensure that disk capacity is monitored and maintained to prevent reaching 100% capacity, which can trigger this issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2008-6896

Produtos afetados

3Cx Phone System

PT-2009-2365 · 3Cx · 3Cx Phone System

CVE-2008-6896

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3