PT-2009-2365 · 3Cx · 3Cx Phone System

Chris Castaldo · Published 2009-08-03 · Updated 2017-08-17 · CVE-2008-6896

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: 3CX Phone System version 6.0.806.0
Description: The issue in 3CX Phone System allows remote attackers to gain sensitive information when the disk capacity is fully utilized. This is due to the login.php file revealing the installation path via unspecified vectors.
Recommendations: For 3CX Phone System version 6.0.806.0, consider restricting access to the login.php file until a patch is available to prevent sensitive information disclosure. Additionally, ensure that disk capacity is monitored and maintained to prevent reaching 100% capacity, which can trigger this issue.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers: CVE-2008-6896

Affected Products: 3Cx Phone System