Vulnerabilities > CVE-2023-29059 - Unspecified vulnerability in 3CX

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

3cx

NVD

Published: 2023-03-30

Updated: 2023-04-10

Summary

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.

Vulnerable Configurations

Part	Description	Count
Application	3Cx 3CX 3CX 18.12.407 3CX 3CX 18.12.416 3CX 3CX 18.12.402 3CX 3CX 18.11.1213	6

References

https://cwe.mitre.org/data/definitions/506.html
https://www.3cx.com/blog/news/desktopapp-security-alert/
https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/