CVE-2023-29059

2023-03-3017:15:06

[email protected]

web.nvd.nist.gov

cve-2023-29059

3cx desktopapp

electron windows

electron macos

update 7

malicious code

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

17.3%

JSON

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.

Affected configurations

Nvd

Node

3cx3cxMatch18.11.1213macos

3cx3cxMatch18.12.402macos

3cx3cxMatch18.12.407macos

3cx3cxMatch18.12.407windows

3cx3cxMatch18.12.416macos

3cx3cxMatch18.12.416windows

VendorProductVersionCPE
3cx3cx18.11.1213cpe:2.3:a:3cx:3cx:18.11.1213:*:*:*:*:macos:*:*
3cx3cx18.12.402cpe:2.3:a:3cx:3cx:18.12.402:*:*:*:*:macos:*:*
3cx3cx18.12.407cpe:2.3:a:3cx:3cx:18.12.407:*:*:*:*:macos:*:*
3cx3cx18.12.407cpe:2.3:a:3cx:3cx:18.12.407:*:*:*:*:windows:*:*
3cx3cx18.12.416cpe:2.3:a:3cx:3cx:18.12.416:*:*:*:*:macos:*:*
3cx3cx18.12.416cpe:2.3:a:3cx:3cx:18.12.416:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
3cx	3cx	18.11.1213	cpe:2.3:a:3cx:3cx:18.11.1213:::::macos::
3cx	3cx	18.12.402	cpe:2.3:a:3cx:3cx:18.12.402:::::macos::
3cx	3cx	18.12.407	cpe:2.3:a:3cx:3cx:18.12.407:::::macos::
3cx	3cx	18.12.407	cpe:2.3:a:3cx:3cx:18.12.407:::::windows::
3cx	3cx	18.12.416	cpe:2.3:a:3cx:3cx:18.12.416:::::macos::
3cx	3cx	18.12.416	cpe:2.3:a:3cx:3cx:18.12.416:::::windows::