QwikSec

Security Database

CVE

CWE

Training

CVE-2023-29059

Published: Mar 30, 2023

Modified: May 5, 2025

PUBLISHED

Description

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://cwe.mitre.org/data/definitions/506.html

https://www.3cx.com/blog/news/desktopapp-security-alert/

https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised

https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats

https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/

https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.