3-CX Security Advisory: Disable your SQL Database Integrations
Posted on December 15th, 2023 by Pierre Jourdan, Security Pentesting, 3CX
Other CRM integrations are not affected.
Only 0.25% of our user base have sequel integrated. It's an old style integration meant for an on-premise firewall secured network. Nevertheless, if you are using an SQL Database integration it’s subject potentially to a vulnerability - depending upon the configuration. As a precautionary measure, and whilst we work on a solution to safely re-enable this integration, please follow the instructions below to disable it.
Temporarily Disable Until Further Notice
If you have one of these please disable temporarily until further notice.
Database MongoDB
Database MsSQL
Database MySQL
Database PostgreSQL
Note Important: All Web-Based CRM integrations are not affected.
Which 3CX Versions are Affected?
Version 18
Version 20
If you’re running Version 18 check if you’re using one of the integrations listed above.
You can do this from the Management Console / Settings / CRM. Set it to “None” and save.
If you’re running Version 20 see if you’re using one of the integrations listed above.
You can do this from Webclient / Admin Console / Integrations / CRM. Set it to “None” and save.
댓글