December 18, 2023 at 05:30AM
3CX advises customers to disable SQL database integrations due to a vulnerability impacting versions 18 and 20. Only 0.25% of users are affected, but MongoDB, MsSQL, MySQL, and PostgreSQL integrations should be disabled as a precaution. Web-based CRM integrations are not affected. No technical details on the security defect are provided.
Key takeaways from the meeting notes:
– 3CX is urging customers to disable SQL database integrations due to a vulnerability in certain configurations affecting versions 18 and 20.
– Only 0.25% of the user base have the SQL integration, primarily meant for on-premise firewall secured networks.
– Customers using MongoDB, MsSQL, MySQL, and PostgreSQL databases should disable their SQL integrations as a precautionary measure.
– Instructions on how to disable the integration include navigating to the Settings section of the management console and setting the CRM option to ‘None’.
– Web-based CRM integrations are not affected, and technical details on the security defect are yet to be provided.
– There was a previous supply chain attack on 3CX’s Windows and macOS build environments due to a trojanized application being downloaded.
– Over 600,000 companies worldwide are using 3CX’s VoIP software.
Let me know if you need more information or further assistance.