Outdated and vulnerable PostgreSQL version 9.2.4 used in 3CX V14 SP3

3CX Version 14 Service Pack 3 seems to ship with a very old and insecure PostgreSQL release, version 9.2.4 (released 04-04-2013).

There have been at least 13 releases since 9.2.4, the latest being 9.2.17, which together have resolved the following vulnerabilities: CVE-2014-0066, CVE-2014-0065, CVE-2014-0064, CVE-2014-0063, CVE-2014-0062, CVE-2014-0061, CVE-2014-0060, CVE-2014-0067, CVE-2014-8161, CVE-2015-0244, CVE-2015-0243, CVE-2015-0242, CVE-2015-0241, CVE-2015-3167, CVE-2015-3166, CVE-2015-3165, CVE-2015-5288 and CVE-2016-0773.
This means that 3CX V14 Service Pack 3 is likely to be vulnerable to all of the above vulnerabilities. Using an IPS firewall may help to reduce the risk to your system until an updated version of PostgreSQL is integrated into 3CX.
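
One way to check a host against the versions named above, as an added example that is not part of the original post or of 3CX's tooling: it parses the banner returned by `SELECT version()` or `postgres -V` and reports how many 9.2.x releases the server is behind 9.2.17. The function names are hypothetical and the banner strings are constructed samples.

```python
import re

# Values taken from the post: 3CX V14 SP3 bundles 9.2.4, and 9.2.17 is the
# latest 9.2.x release it names.
BRANCH = (9, 2)
LATEST_PATCH = 17

# Matches "PostgreSQL 9.2.4, compiled by ..." and "postgres (PostgreSQL) 9.2.4".
_BANNER = re.compile(r"PostgreSQL\)?\s+(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Extract (major, minor, patch) from a PostgreSQL version banner."""
    m = _BANNER.search(banner)
    if m is None:
        raise ValueError("no PostgreSQL version found in %r" % banner)
    major, minor, patch = m.groups()
    # PostgreSQL 10 and later use two-part versions, so patch may be absent.
    return int(major), int(minor), int(patch or 0)


def assess(banner):
    """Compare a banner with the 9.2 branch versions given in the post."""
    version = parse_version(banner)
    if version[:2] != BRANCH:
        # The post only covers the 9.2 branch; other branches need their own check.
        return {"version": version, "status": "not-9.2-branch", "releases_behind": None}
    behind = max(LATEST_PATCH - version[2], 0)
    status = "outdated" if behind else "at-or-above-9.2.17"
    return {"version": version, "status": status, "releases_behind": behind}


# Constructed sample banners (not captured from a real 3CX host).
SAMPLES = [
    "PostgreSQL 9.2.4, compiled by Visual C++ build 1600, 32-bit",
    "postgres (PostgreSQL) 9.2.17",
    "PostgreSQL 10.5 on x86_64-pc-linux-gnu, compiled by gcc 7.3.0, 64-bit",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(assess(banner))
```
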
