Medium severity6.5NVD Advisory· Published Oct 18, 2017· Updated May 13, 2026

CVE-2017-15359

Description

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2017/Oct/37nvdMailing ListThird Party Advisory
www.exploit-db.com/exploits/42991/nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000