CVE-2019-13176 - An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.

CVE-2019-13176

Summary

An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).

References

https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/

Vulnerable Configurations

cpe:2.3:a:3cx:3cx:12.5:sp1:*:*:*:*:*:*
cpe:2.3:a:3cx:3cx:12.5:sp1:*:*:*:*:*:*
cpe:2.3:a:3cx:3cx:12.5:sp2:*:*:*:*:*:*
cpe:2.3:a:3cx:3cx:12.5:sp2:*:*:*:*:*:*
cpe:2.3:a:3cx:3cx:12.5.44178.1002:*:*:*:*:*:*:*
cpe:2.3:a:3cx:3cx:12.5.44178.1002:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 28-08-2019 - 13:57)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

https://www.logicallysecure.com/blog/3cx-phone-system-web-console-affected-by-xxe/

Last major update

28-08-2019 - 13:57

Published

08-08-2019 - 14:15

Last modified

28-08-2019 - 13:57