CVE-2022-48483: 
3CX 3CXPhone vulnerability analysis and mitigation

3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. This vulnerability was discovered in March 2022 and exists because of an incomplete fix for CVE-2022-28005 (NVD, MITRE).

The vulnerability is a directory traversal issue that allows attackers to bypass path restrictions. The attack involves using Windows-specific path formatting with a drive letter followed by a colon without a following backslash. This special case in Windows file paths allows attackers to read files under C:\Windows\System32 and its subdirectories from an unauthenticated context. The issue was introduced due to incomplete input validation in the IsVulnerablePath function, which failed to properly handle certain Windows path formats (Security Blog).

The vulnerability allows unauthenticated remote attackers to read sensitive system files from the Windows system32 directory. This access could potentially expose critical system information and sensitive data to attackers (Security Blog).

The vulnerability was fixed in 3CX Version 18, Hotfix 1, Build 18.0.3.461 released in March 2022. Users should upgrade to this version or later to protect against this vulnerability (3CX Changelog).