3CX DesktopApp Security Alert – Windows and Mac OS Electron App Infected

As part of our 24×7 threat intelligence activities, our experts have noted a critical vulnerability compromising the 3CX desktop app.

CVE-2023-29059 – CVSS Score 10 – Critical

3CX Security Alert for Electron Windows App | Desktop App

This is a supply chain attack: two versions of the 3CX desktop app, specifically 18.12.407 and 18.12.416, have had one of their libraries compromised. The compromised library was compiled into the desktop app and has been used to sideload malware.
When an infected version is installed, it reaches out to a C2 server and stages the malware, likely an infostealer, which harvests data from the user's browser on the infected machine.

Affected vendors: 3CX, Microsoft, Apple

Affected resource: Windows

Mitigation

Currently, there are no mitigation steps, other than removing the affected versions. The issue with this is that the malware has likely been installed and done the job that was required of it. 3CX is urging customers to remove the infected version and has confirmed that an updated version is currently being worked on.

Remediation steps

Remove the desktop version of 3CX and use the PWA client. However, it would be prudent to remain cautious of any software 3CX is operating until the full blast radius of the compromise is detailed.
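
To find which machines need the removal described above, this added example (not from 3CX or the original alert) triages a software-inventory export against the two affected builds. The CSV layout, host names and product-name pattern are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Affected builds as listed in the alert above.
AFFECTED_VERSIONS = {(18, 12, 407), (18, 12, 416)}

# Assumption: the inventory tool reports the product under a name containing
# "3CX" followed by "Desktop"; adjust to your own inventory's naming.
PRODUCT_PATTERN = re.compile(r"3cx.*desktop", re.IGNORECASE)

# Constructed sample export. Versions other than the two affected builds are
# made-up values used only to exercise the other code paths.
SAMPLE_INVENTORY = """host,product,version
ws-001,3CX Desktop App,18.12.407
ws-002,3CX Desktop App,18.12.416.0
mac-003,3CX Desktop App,18.0.0
ws-004,Example Editor,18.12.407
ws-005,3CXDesktopApp,v18.12.416
ws-006,3CX Desktop App,unknown
"""

def parse_version(text):
    """Return the first three numeric components as a tuple, or None."""
    parts = re.findall(r"\d+", text)
    if len(parts) < 3:
        return None
    return tuple(int(p) for p in parts[:3])

def triage(inventory_csv):
    """Group hosts running the desktop app by how they relate to the alert."""
    result = {"affected": [], "other_desktop_build": [], "unparsed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not PRODUCT_PATTERN.search(row["product"]):
            continue  # a matching version number on another product is ignored
        version = parse_version(row["version"])
        if version is None:
            bucket = "unparsed"  # check these hosts by hand
        elif version in AFFECTED_VERSIONS:
            bucket = "affected"
        else:
            bucket = "other_desktop_build"
        result[bucket].append(row["host"])
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in `affected` need more than removal, since the alert notes the malware has likely already run there. Hosts in `other_desktop_build` fall under the advice to remain cautious of any 3CX software until the scope of the compromise is known.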
