Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
3CX Phone 安全漏洞
Vulnerability Description
3CX Phone是一款基于软件的专用分支交换机。该产品可与基于SIP标准的IP电话、SIP中继和VoIP网关配合使用,提供完整的通信解决方案。 3CX Phone System 16.0.0.1570 版本存在安全漏洞,该漏洞源于 tcpdump 的 -z(又名 postrotate-command)选项与 sudo 结合使用时可能不安全。攻击者利用该漏洞可通过使用 sudo 和 tcpdump 命令无需密码获得 root 权限。
CVSS Information
N/A
Vulnerability Type
N/A