CVE-2017-15359

MEDIUM

3CX Phone System 15.5.3554.1 - Authenticated Path Traversal via RecordingList and SupportInfo API Parameters


Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15359. PoCs published by Jens Regel.

AI-analyzed exploit summary: This exploit demonstrates an authenticated directory traversal vulnerability in 3CX Phone System 15.5.3554.1. It uses a crafted HTTP request to the Management Console API to read arbitrary files from the server, such as configuration files containing sensitive credentials.

Description

In 3CX Phone System 15.5.3554.1, the Management Console, which typically listens on port 5001, is prone to a directory traversal attack. The vulnerable parameters are "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=". An attacker must be authenticated to exploit this issue, which gives access to sensitive information that can aid subsequent attacks.

Exploits (1)

exploitdb WORKING POC
by Jens Regel · text · webapps · linux
https://www.exploit-db.com/exploits/42991


Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: 3CX Phone System 15.5.3554.1
Auth required
Prerequisites: Authenticated access to the 3CX Management Console · Network access to port 5001
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Oct/37
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42991/

Scores

CVSS v3 6.5
EPSS 0.0617
EPSS Percentile 92.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-22
Status published
Products (1)
3cx/3cx 15.5.3554.1
Published Oct 18, 2017
Tracked Since Feb 18, 2026