Security Bulletin Affecting out of Date Versions of v11, v12, v12.5

Older, not updated versions 3CX Phone System v11, v12 & v12.5 installations have a security vulnerability that requires administrators to update their system to stay secure if the phone system is directly connected to the internet. In certain cases advanced hackers can gain access to the management console. It is therefore imperative that the latest service packs are applied as detailed below. This is not a new vulnerability but a reminder to update for those who have ignored earlier communications.

Suggested Action

V11 Versions below and including SP4A (build number 30295 released May 09, 2014) should update to the latest service pack 4B Build Number 30296 (Released, July 23, 2015) immediately. Refer to this link for more information http://www.3cx.com/blog/releases/phone-system-12-5-sp1/

V12 Versions below and including SP6.1 (build number 37098 released August 25, 2014) should update to the latest service pack 6.2 Build Number 41311 (Released, July 23, 2015) immediately. Refer to this link for more information http://www.3cx.com/blog/releases/phone-system-12-5-sp1/

V12.5 Versions below and including SP1 (build number 41543 released April 29, 2015) should update to the latest service pack 2 Build Number 44178 (Released, July 27, 2015) immediately. Refer to this link for more information http://www.3cx.com/blog/releases/125-service-pack-2/

Please note that we do not test or update versions v10 or older. Running such old software is bad security practice in the first place.

Liked this article?


Get notified of new articles
or share
You might also be interested in: