Arbitrary Command Execution Vulnerability in 3CX Phone System Terminal

Arbitrary Command Execution Vulnerability in 3CX Phone System Terminal

CVE-2019-9972 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.

Learn more about our Cis Benchmark Audit For Debian Linux.