PT-2022-12369 · 3Cx · 3Cx On Windows+3

Published

2022-03-21

Updated

2022-04-04

CVE-2021-45490

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions 3CX on Windows (affected versions not specified) 3CX app for iOS (affected versions not specified) 3CX application for Android (affected versions not specified)

Description The client applications in 3CX lack SSL certificate validation. This issue affects the 3CX client on Windows, the 3CX app for iOS, and the 3CX application for Android.

Recommendations For 3CX on Windows, consider disabling SSL connections until a patch is available. For the 3CX app for iOS, restrict access to sensitive data exchanged over SSL connections. For the 3CX application for Android, avoid using the application for sensitive communications until the issue is resolved.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2021-45490

Affected Products

3Cx

3Cx App For Ios

3Cx Application For Android

3Cx On Windows

PT-2022-12369 · 3Cx · 3Cx On Windows+3

CVE-2021-45490

Weakness Enumeration

Related Identifiers

Affected Products

References · 7