HTTP: 3CX Phone System VAD_Deploy_aspx Arbitrary File Upload

An arbitrary file upload vulnerability exists in 3CX VoIP Phone System Manager. The vulnerability is due to a failure to restrict file uploads in VAD_Deploy.aspx. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the target server. Successful exploitation could lead to arbitrary command execution on the server with SYSTEM privileges.

Short Name: HTTP:FILE-UPLOAD-3CX-PHONE
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: 3CX Arbitrary File Phone System Upload VAD_Deploy_aspx
Release Date: 01/09/2017
Supported Platforms: srx-branch-12.3, srx-19.3, srx-branch-19.3, vsrx3bsd-19.2, srx-branch-19.4, vsrx-19.4, mx-12.3, mx-19.4, vmx-19.4, mx-19.3, vsrx3bsd-19.4, srx-19.4, vsrx-12.3, vmx-19.3, vsrx-19.2, srx-12.3
Sigpack Version: 3668
False Positive: Unknown
