3CX, a business communication company, has issued a security advisory urging its customers to disable SQL database integrations in certain configurations to prevent potential vulnerabilities. The advisory specifies that 3CX versions 18 and 20 are affected by an integration bug. While the company notes that only 0.25% of its user base has SQL integration, it recommends users of MongoDB, MsSQL, MySQL, and PostgreSQL databases to disable their SQL database integrations as a precautionary measure until a solution is developed.
According to 3CX, the integration bug could potentially lead to vulnerabilities, depending on the configuration. The affected integration is described as an “old-style integration meant for an on-premise firewall secured network.” To disable the integration, 3CX advises customers to navigate to the Settings section of the management console, access CRM, set the available option to ‘None,’ and save the modification. Notably, web-based CRM integrations are reported not to be affected by this issue.
While the security advisory emphasizes the temporary nature of this precaution, the company has not yet provided technical details on the identified security defect. The move to disable SQL database integrations aligns with best practices for safeguarding systems when potential vulnerabilities are identified, allowing organizations to mitigate risks while solutions are developed and implemented. Users are encouraged to stay informed about updates from 3CX regarding the resolution of this security concern.