Target Policy

Structured Scope

• Asset Identifier

  Asset Type

  Max Severity

• 3CX Phone System

  ---

  1. Register on www.3cx.com using your **hackerone email address**. Confirm your email and follow the wizard to select a deployment type. (Please refer to our documentation for more information about each deployment type https://www.3cx.com/docs/manual/install/)

  2. **There might be new builds in the repository after you have installed it. If you find a vulnerability, before submitting it, make sure you update to the latest available version and ensure it is still valid. On linux you can manually update by running `apt update && apt upgrade` in your server's terminal.**

  3. For any additional technical documentation you can refer to our website.

  OTHER

  critical
• https://play.google.com/store/apps/details?id=com.tcx.sipphone14

  ---

  The 3CX App allows you to make and receive calls, schedule conferences, video call and chat with your team and customers from anywhere. You install the app and provision it by scanning your extension's QR code.

  User manual: https://www.3cx.com/user-manual/installation-android/

  GOOGLE_PLAY_APP_ID

  critical
• 3CX Live chat WordPress plugin

  ---

  This is a plugin that integrates 3CX Livechat into a WordPress site. A 3CX installation is required (On Premise or in the Cloud).

  Link to the plugin: https://wordpress.org/plugins/wp-live-chat-support/
  Link to the documentation: https://www.3cx.com/docs/manual/live-chat/

  OTHER

  medium
• 3CX SBC

  ---

  1. 3CX SBC requires an existing installation of 3CX Server.

  2. Use the following ISO instead to deploy 3CX SBC on-premise: https://downloads-global.3cx.com/downloads/debian12iso/debian-amd64-netinst-3cx.iso .

  3. In the 3CX Installer select 3CX SBC (not PBX)

  4. During the Installation you will be asked to enter the PBX FQDN and SBC key.

  5. **There might be new builds in the repository after you have installed it. If you find a vulnerability, before submitting it, make sure you update to the latest available version (both 3CX PBX and 3CX SBC) and ensure it is still valid. You can update by running `apt update && apt upgrade` in your server's terminal.**

  6. For any additional technical documentation you can refer to our website.

  DOWNLOADABLE_EXECUTABLES

  critical
• https://portal.3cx.com

  ---

  This is the portal where customers and partners can manage their 3CX account/license keys.

  URL

  critical
• https://apps.apple.com/us/app/3cx/id992045982

  ---

  The 3CX App allows you to make and receive calls, schedule conferences, video call and chat with your team and customers from anywhere. You install the app and provision it by scanning your extension's QR code.

  User manual: https://www.3cx.com/user-manual/installation-iphone/

  APPLE_STORE_APP_ID

  critical
• https://apps.microsoft.com/detail/3cx/9NW77489NGJ0

  ---

  The 3CX softphone app for Windows allows you to make calls, view the status of colleagues, chat, schedule a video conference and check voicemail from your desktop
  

  WINDOWS_APP_STORE_APP_ID

  critical

Target Scope Domains

• portal.3cx.com

• 1 Subdomain
• Download wordlist

Last Finished Scan: