PT-2023-2283 · 3Cx · 3Cx Desktopapp Electron Macos +2

John Hammond +1 · Published 2023-03-30 · Updated 2024-01-09 · CVE-2023-29059

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

3CX DesktopApp versions 18.11.1213 through 18.12.416
3CX DesktopApp Electron Windows application versions 18.12.407 through 18.12.416
3CX DesktopApp Electron macOS application versions 18.11.1213 through 18.12.416

Description

The 3CX DesktopApp contains embedded malicious code, which was exploited in the wild in March 2023. This issue affects the Electron Windows and macOS applications. The malicious code allows a remote attacker to execute arbitrary code. In real-world incidents, a backdoor was reportedly installed on some machines, potentially as part of a targeted attack. The number of affected devices is not specified, but the attackers reportedly targeted their victims with precision.

Recommendations

For 3CX DesktopApp versions 18.11.1213 through 18.12.416, update to a version later than 18.12.416 to resolve the issue.
For 3CX DesktopApp Electron Windows application versions 18.12.407 through 18.12.416, update to a version later than 18.12.416 to resolve the issue.
For 3CX DesktopApp Electron macOS application versions 18.11.1213 through 18.12.416, update to a version later than 18.12.416 to resolve the issue.
As a temporary workaround, consider restricting access to the affected applications until a patch is available.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-02044
CVE-2023-29059

Affected Products

3Cx Desktopapp
3Cx Desktopapp Electron Windows
3Cx Desktopapp Electron Macos