Tag Archives: 3CX

Outdated/vulnerable OpenSSL versions 1.0.1e/1.0.1g used in 3CX V14 SP3

3CX Version 14 Service Pack 3 seems to include/use very old and insecure versions of OpenSSL 1.0.1e (11th February 2013) and 1.0.1g (5th June 2014).

More info about the locations is below:

C:\Program Files\3CX Phone System\Instance1\Bin\libeay32.dll
C:\Program Files\3CX Phone System\Instance1\Bin\ssleay32.dll

1.0.1.7
1.0.1g (5 Jun 2014)

C:\ProgramData\3CX\Bin\SSL\libeay32.dll
C:\ProgramData\3CX\Bin\SSL\ssleay32.dll

1.0.1.5
1.0.1e (11 Feb 2013)

OpenSSL 1.0.1t is the latest release and resolves a number of serious vulnerabilities

https://www.openssl.org/news/openssl-1.0.1-notes.html

This means that 3CX V14 Service Pack 3 is likely to be vulnerable to all of the documented vulnerabilities prior to the 1.0.1t OpenSSL release.  Using an IPS firewall may help to reduce the risk to your system until an updated version of OpenSSL is integrated into 3CX.

Change of behaviour with TRAN (Transfer) key after upgrading Yealink T3X and Yealink T2X Firmware to V70

I have noticed a change of behaviour with TRAN (Transfer) key after upgrading Yealink T3X and Yealink T2X to the new V70 firmware along with upgrading 3CX Version 11 to Service Pack 3.

It appears that the default DSS Key Transfer Mode is changed from Attended Transfer to Blind Transfer.  An Attended Transfer was always performed when you used the BLF/DSS Keys to perform the Transfer in previous Yealink firmware versions.  For example A calls B wanting to speak with C, B presses TRAN button and then presses the BLF/DSS Key for C.  In this instance B should be able to speak with C (Attended Transfer) to see if they want to take the call rather than A just being passed straight to C (Blind Transfer).

yealink blind transfer

 

You need to login to the Yealink HTTP Interface and then navigate to Phone->Features->Transfer Settings and Change “Transfer Mode via DSSKey” to “Attended Transfer” by using the drop down menu.

yealink attended transfer

So by changing this simple setting you can restore the Attended Transfer function whilst still taking advantage of the V70 Firmware for your Yealink Phone.

Dial code to set 3CX MyPhone extension status

You can use the following dial codes to change your 3CX MyPhone extension status

The dial codes are as follows:

*30 = Available

*31 = Away

*32 = OutOfOffice

*33 = Custom1

*34 = Custom2 *3

You can just dial *31 to change your status to Away in 3CX MyPhone

 

How to automatically update your 3CX My Phone Status when DND is Enabled or Disabled on your Snom Handset

How to automatically update your 3CX My Phone Status when DND is Enabled or Disabled on your Snom Handset

Access your Snom phones management GUI using a web browser and login as required.  Once you are logged in select Preferences from the left hand menu.  Scroll down until you see DND: “On Code” and “Off Code”

You will find these blank but can occupy them as follows

If you turn on DND on your Snom handset using the DND Key then the phone will send *31 to the 3CX Phone System and this will update your My Phone Extension Status to Away

If you turn off DND on your Snom handset using the DND key then the phone will send *30 to the 3CX Phone System and this will update your My Phone Extension Status to Available

You could also use *34 instead of *31 which is called “Out of Office 2” (Custom Profile 2) you can then then enter custom status text next to this profile so that you and others know you have turned on DND rather than just setting your status as Away or Out of Office by changing your status manually in 3CX My Phone.