CVE-2023-29059

7.8 HIGH

📋 TL;DR

CVE-2023-29059 covers malicious code embedded in specific 3CX DesktopApp builds, distributed through the vendor's own update channel as a software supply chain attack. Via DLL sideloading, the trojanized application executes attacker-controlled code on any system that runs it. Organizations running the compromised 3CX DesktopApp versions are affected.

💻 Affected Systems

Products:
  • 3CX DesktopApp
Versions: Windows: 18.12.407 through 18.12.416; macOS: 18.11.1213, 18.12.402, 18.12.407, 18.12.416
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Electron-based applications shipped in Update 7; exploitation observed in March 2023.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data exfiltration, ransomware deployment, and lateral movement across the network.

🟠 Likely Case

Initial access leading to information stealing, credential harvesting, and installation of additional malware.

🟢 If Mitigated

Limited impact, with endpoint protection detecting the malicious behavior and network segmentation containing lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Actively exploited in the wild via DLL sideloading; exploitation requires user interaction to launch the compromised application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.12.422 or later

Vendor Advisory: https://www.3cx.com/blog/news/desktopapp-security-alert/

Restart Required: Yes

Instructions:

1. Uninstall affected 3CX DesktopApp versions.
2. Download and install version 18.12.422 or later from the official 3CX website.
3. Restart the system.

🔧 Temporary Workarounds

Application Removal
Platform: windows

Uninstall affected 3CX DesktopApp versions to eliminate the vulnerability.

Control Panel > Programs > Uninstall a program > Select 3CX DesktopApp > Uninstall

Endpoint Protection Rules
Platform: all

Configure endpoint security to block execution of malicious DLLs associated with 3CX DesktopApp.

🧯 If You Can't Patch

  • Isolate affected systems from critical network segments to limit lateral movement.
  • Implement application allowlisting to prevent execution of unauthorized binaries.

🔍 How to Verify

Check if Vulnerable:

Check the installed version of 3CX DesktopApp via the application's About section or system installed programs list.

Check Version:

On Windows: check in 'Apps & features' or run:

wmic product where name="3CX DesktopApp" get version

On macOS: check the Applications folder or use terminal commands specific to the app.

Verify Fix Applied:

Confirm the installed version is 18.12.422 or later and verify no suspicious DLLs are present in the application directory.
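The version check and fix verification above, as an added example (not code from the advisory or from 3CX): it encodes the affected builds and the fixed build 18.12.422 listed on this page, parses the output of the wmic command given above, and classifies a version string. The wmic output embedded in the script is a constructed sample, and the 'unknown' result for builds the page does not list is a deliberate choice rather than anything the advisory states.

```python
"""Version triage for CVE-2023-29059 (3CX DesktopApp).

Added example, not code from the advisory or from 3CX. It encodes the
affected builds listed above and the fixed build 18.12.422, and
classifies a version string obtained from the installed application.
The wmic output below is a constructed sample, not real output.
"""
from typing import Optional, Tuple

# Affected builds as listed in the "Affected Systems" section.
AFFECTED_WINDOWS_RANGE = ("18.12.407", "18.12.416")  # inclusive
AFFECTED_MACOS = {"18.11.1213", "18.12.402", "18.12.407", "18.12.416"}
FIXED_VERSION = "18.12.422"

# Constructed sample of what
#   wmic product where name="3CX DesktopApp" get version
# prints: a header line, the value, trailing whitespace and blank lines.
SAMPLE_WMIC_OUTPUT = "Version  \r\n18.12.416  \r\n\r\n"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '18.12.416' into (18, 12, 416) so versions compare numerically.

    String comparison would rank '18.12.9' above '18.12.416'; tuple
    comparison does not.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def version_from_wmic_output(output: str) -> Optional[str]:
    """Extract the version value from wmic 'get version' output."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0].lower() != "version":
        return None  # product not installed, or unexpected output
    return lines[1]


def classify(version: str, platform: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a 3CX DesktopApp build.

    'unknown' covers builds that are neither in the affected lists nor at
    or above the fixed build (for example an older pre-Update-7 build);
    the advisory says nothing about them, so the function does not guess.
    """
    plat = platform.lower()
    if plat not in ("windows", "macos"):
        raise ValueError(f"unsupported platform: {platform!r}")
    v = parse_version(version)
    if v >= parse_version(FIXED_VERSION):
        return "fixed"
    if plat == "windows":
        lo, hi = (parse_version(x) for x in AFFECTED_WINDOWS_RANGE)
        if lo <= v <= hi:
            return "affected"
    elif version.strip() in AFFECTED_MACOS:
        return "affected"
    return "unknown"


if __name__ == "__main__":
    found = version_from_wmic_output(SAMPLE_WMIC_OUTPUT)
    print(found, "->", classify(found, "windows") if found else "not installed")
```

Feed the script real wmic output (or the version read from the macOS application bundle) in place of the constructed sample; a result of 'unknown' means the build is outside everything this page lists and should be checked against the vendor advisory rather than assumed safe.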

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from 3CX DesktopApp directory
  • DLL loading events from non-standard paths

Network Indicators:

  • Outbound connections to suspicious IPs or domains from 3CX processes
  • Unusual DNS queries

SIEM Query:

Process creation where parent process contains '3CX' AND (command line contains 'dll' OR image path contains suspicious DLL names)
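The log indicators and the SIEM query above as running detection logic, added here as an example that is not part of the advisory: it applies "parent process contains '3CX' AND (command line references a DLL OR a DLL was loaded from a non-standard path)" to a handful of constructed process-creation and image-load events. The event field names, the install directory, the list of standard DLL directories and every sample event are assumptions made for the example.

```python
"""Detection logic for the log indicators and SIEM query above.

Added example, not part of the advisory. It applies the rule
"parent process contains '3CX' AND (command line references a DLL OR a
DLL was loaded from a non-standard path)" to a few constructed
process-creation and image-load events. The field names, the install
directory and every event are assumptions made for the example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed install directory and the paths a 3CX process is expected to
# load DLLs from; adjust to the real deployment.
EXPECTED_APP_DIR = r"C:\Program Files\3CXDesktopApp"
STANDARD_DLL_DIRS = (EXPECTED_APP_DIR, r"C:\Windows")


@dataclass
class Event:
    kind: str            # "process_create" or "image_load"
    parent_image: str    # creating process (process_create) or loading process (image_load)
    image: str           # created process path, or loaded module path
    command_line: str = ""


def is_under(path: str, directory: str) -> bool:
    """Case-insensitive prefix test on normalized Windows paths."""
    p = path.lower().replace("/", "\\").rstrip("\\")
    d = directory.lower().replace("/", "\\").rstrip("\\")
    return p == d or p.startswith(d + "\\")


def matches_rule(ev: Event) -> Optional[str]:
    """Return the reason an event matches the rule, or None."""
    if "3cx" not in ev.parent_image.lower():
        return None
    if ev.kind == "process_create" and re.search(r"\.dll\b", ev.command_line, re.IGNORECASE):
        return "3CX child process references a DLL on its command line"
    if (ev.kind == "image_load" and ev.image.lower().endswith(".dll")
            and not any(is_under(ev.image, d) for d in STANDARD_DLL_DIRS)):
        return "3CX process loaded a DLL from a non-standard path"
    return None


def run_detection(events: List[Event]) -> List[Tuple[Event, str]]:
    """Run the rule over a batch of events and return the hits with reasons."""
    hits = []
    for ev in events:
        reason = matches_rule(ev)
        if reason:
            hits.append((ev, reason))
    return hits


APP_EXE = EXPECTED_APP_DIR + r"\3CXDesktopApp.exe"

# Constructed events: the first two should fire, the other three should not.
SAMPLE_EVENTS = [
    Event("process_create", APP_EXE, r"C:\Users\Public\helper.exe",
          r"helper.exe --load C:\Users\Public\plugin.dll"),
    Event("image_load", APP_EXE, r"C:\Users\Public\plugin.dll"),
    Event("image_load", APP_EXE, EXPECTED_APP_DIR + r"\renderer.dll"),   # expected location
    Event("image_load", APP_EXE, r"C:\Windows\System32\kernel32.dll"),   # system DLL
    Event("process_create", r"C:\Windows\explorer.exe",
          r"C:\Users\Public\helper.exe", r"helper.exe --load plugin.dll"),  # parent is not 3CX
]

if __name__ == "__main__":
    for ev, reason in run_detection(SAMPLE_EVENTS):
        print(f"{reason}: {ev.image}")
```

The command-line test uses `\.dll\b` rather than the bare substring 'dll' from the query text, which avoids matching unrelated names; the non-standard-path test is the "DLL loading events from non-standard paths" indicator made concrete against an allowlist of expected directories, so tuning that allowlist to the real install layout is what keeps the rule quiet on a healthy host.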

🔗 References