First published: Thu Mar 30 2023(Updated: )
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
3cx 3cx | =18.11.1213 | |
3cx 3cx | =18.12.402 | |
3cx 3cx | =18.12.407 | |
3cx 3cx | =18.12.407 | |
3cx 3cx | =18.12.416 | |
3cx 3cx | =18.12.416 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-29059 is a vulnerability in the 3CX DesktopApp through version 18.12.416 that has embedded malicious code.
Versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp are affected.
The severity of CVE-2023-29059 is high, with a severity score of 7.8.
To fix CVE-2023-29059, it is recommended to update to a version of 3CX DesktopApp that is not affected, such as version 18.12.417 or later.
You can find more information about CVE-2023-29059 at the following references: [Reference 1](https://cwe.mitre.org/data/definitions/506.html), [Reference 2](https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/), [Reference 3](https://www.3cx.com/blog/news/desktopapp-security-alert/)