Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2023-29059
PUBLISHED3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416...
- Vendor
- 3CX
- Product
- DesktopApp
- Published
- Mar 30, 2023
- EPSS
- —
Description
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2023-03-30 00:00:00 UTC · Source
References
- https://cwe.mitre.org/data/definitions/506.html
- https://www.3cx.com/blog/news/desktopapp-security-alert/
- https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised
- https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
- https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
- https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE | Mar 30, 2023 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel