12.1 C
Monday, December 18, 2023

3CX Asks customers to Disable Database Integrations to Thwart Assaults

3CX, a VoIP communications agency, has suggested clients to disable SQL Database integrations because of the dangers posed by a possible vulnerability.

A SQL Injection vulnerability in 3CX CRM Integration has been recognized as CVE-2023-49954.

An attacker can manipulate an utility’s database queries as a consequence of SQL Injection, a prevalent but dangerous net safety flaw.

This will likely lead to attackers getting access to delicate knowledge and, in excessive circumstances, in full management of the database.

The vulnerability targets the CRM integration templates that 3CX affords for connecting to completely different databases, together with MsSQL, PostgreSQL, MongoDB, and MySQL.

“If one of many Integration templates has been used (MsSQL, MySQL, PostgreSQL) they are often topic to SQL injection assaults if the 3CX server is offered on the web and no Net utility firewall is in entrance of the 3CX machine. In that case, it’s attainable to control the unique SQL question executed in opposition to a database”, in line with 3CX CEO Nick Galea.

“Prospects utilizing MongoDB or any of our web-based CRM integration templates should not affected by this.”

Disable your SQL Database Integrations

Pierre Jourdan, the chief data safety officer at 3CX, stated at this time that “if you’re utilizing SQL Database integration, it’s topic doubtlessly to vulnerability – relying upon the configuration.” 

“As a precautionary measure, and while we work on an answer to soundly re-enable this integration.”

Quickly disable the next database integrations:

  • Database MongoDB
  • Database MsSQL
  • Database MySQL
  • Database PostgreSQL

There isn’t any impression on any web-based CRM integrations.

Which 3CX Variations are affected?

Confirm whether or not you’re utilizing one of many above-mentioned integrations for those who’re working Model 18.

This may be completed by way of Administration Console / Settings / CRM. Set it to “None” and save.

 Database Integrations
Database Integrations

Confirm whether or not you’re utilizing any of the above-mentioned integrations if you’re working Model 20.

You may accomplish this from Webclient / Admin Console / Integrations / CRM. Reserve it with “None” chosen.

Disable your SQL Database Integrations
Disable your SQL Database Integrations

The report additionally said that merely 0.25% of the person inhabitants has built-in sequel. That is an older integration designed for an on-premise firewall-secured community. 

Nonetheless, relying on the configuration, using a SQL Database integration might expose you to a vulnerability. Prospects are being requested to disable SQL database integrations to stop hacking assaults.

Latest news
Related news


Please enter your comment!
Please enter your name here