Vulnerability Description
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3Cx | 3Cx | 18.11.1213 |
References
- https://cwe.mitre.org/data/definitions/506.htmlTechnical Description
- https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/ExploitTechnical DescriptionThird Party Advisory
- https://www.3cx.com/blog/news/desktopapp-security-alert/Vendor Advisory
- https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusiExploitThird Party Advisory
- https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromisedExploitThird Party Advisory
- https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threatsExploitThird Party Advisory
- https://cwe.mitre.org/data/definitions/506.htmlTechnical Description
- https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/ExploitTechnical DescriptionThird Party Advisory
- https://www.3cx.com/blog/news/desktopapp-security-alert/Vendor Advisory
- https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusiExploitThird Party Advisory
- https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromisedExploitThird Party Advisory
- https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threatsExploitThird Party Advisory
FAQ
What is CVE-2023-29059?
CVE-2023-29059 is a vulnerability with a CVSS score of 7.8 (HIGH). 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application s...
How severe is CVE-2023-29059?
CVE-2023-29059 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-29059?
Check the references section above for vendor advisories and patch information. Affected products include: 3Cx 3Cx.