CVE-2023-29059 - Code injection

Significant

Remediate Within one Month

CVE Information|Basic Analysis|Framework Mapping|Web Framework Mapping|Compliance

CVE Information

Original CVE data

Published: March 30, 2023

Updated: April 10, 2023

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.

CWE:

CVSS v2-

CVSS v37.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://cwe.mitre.org/data/definitions/506.html

https://www.3cx.com/blog/news/desktopapp-security-alert/

https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised

https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats

https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/

https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/

Affected Vendors

3cx - (1)

More vulnerabilities from 3cx

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOⁿengine

Code injection

CVSS Scores as calculated by PRIOⁿengine

CVSS v26.8

AV:N/AC:M/AU:N/C:P/I:P/A:P

CVSS v37.8

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

MITRE CWE Top 25

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

Vulnerability is mentioned or trending in social media.

Threat Actor Activity

Vulnerability is being actively exploited by threat actors during campaigns.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

Compliance Impact

How the submited vulnerability affects compliance

Web Application Security Frameworks

Applicable if the issue likely affects a web application