CVE-2023-29059 - Embedded Malicious Code found in 3CX DesktopApp versions, exploited in the wild in March 2023

CVE-2023-29059 is a critical vulnerability in the 3CX DesktopApp software that affects several versions of the program on both Windows and macOS. The flaw, exploited in the wild in March 2023, is the presence of embedded malicious code in the affected Electron builds of the application.

Affected Versions

Windows – 3CX DesktopApp Electron

Versions 18.12.407 and 18.12.416 shipped in Update 7

macOS – 3CX DesktopApp Electron

Exploit Details

Those exploiting this vulnerability have been able to inject malicious code into the targeted application. This means that attackers can remotely execute arbitrary code and gain unauthorized access to sensitive user data, potentially leading to unauthorized actions and severe consequences.

The following pseudocode sketches the idea of locating embedded code within the Electron application's files; the malicious code itself is left as a placeholder:

function checkForEmbeddedCode() {
    // Placeholder only: the embedded code itself is not reproduced on this page
    const maliciousCode = "<INSERT MALICIOUS CODE SNIPPET HERE>";

    if (appContains(maliciousCode)) {
        executeMaliciousCode();
    }
}

function appContains(maliciousCode) {
    // Check if the app contains the malicious code in any of its files
    // (body elided in the original)
}

function executeMaliciousCode() {
    // Execute the malicious code found in the app
    // (body elided in the original)
}

The pseudocode above illustrates the concept: malicious code present in the application files is located and executed, giving the attackers unauthorized control.

Original References

For more information on this vulnerability, including technical details and steps to reproduce the issue, we highly recommend referencing the following links:

1. Official CVE Record: CVE-2023-29059
2. 3CX Security Advisory: Embedded Malicious Code in 3CX DesktopApp
3. Electron Documentation - Official documentation for Electron, the framework used by 3CX DesktopApp

As a user affected by this vulnerability, you should:

1. Immediately update to the latest version of the 3CX DesktopApp software. This should resolve the issue and protect your application from further exploitation.
2. Avoid opening unsolicited email attachments or clicking on unknown links, as these can potentially contain the embedded malicious code.
3. Regularly review and monitor your network and application logs for any suspicious or unauthorized activity.

In conclusion, CVE-2023-29059 is a critical vulnerability that has been exploited in the wild as of March 2023. It impacts multiple versions of the 3CX DesktopApp software on both Windows and macOS platforms. Users are urged to take the necessary mitigation actions promptly and stay vigilant for potential threats containing such embedded malicious code.

Timeline

Published on: 03/30/2023 17:15:00 UTC
Last modified on: 04/10/2023 16:29:00 UTC