Back to KEVs

CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 30, 2023
Published Date
March 30, 2023
Last Updated
August 02, 2024
Vendor
n/a
Product
n/a
Description
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
Tags
windows macos

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Status

Exploited in the Wild
Yes (2023-03-30 00:00:00 UTC) Source

References

https://cwe.mitre.org/data/definitions/506.html https://www.3cx.com/blog/news/desktopapp-security-alert/ https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/

Known Exploited Vulnerability Information

Source Added Date
CVE 2023-03-30 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel