7.8

CVE-2023-29059

Exploit
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
3cx3cx Version18.11.1213 SwPlatformmacos
3cx3cx Version18.12.402 SwPlatformmacos
3cx3cx Version18.12.407 SwPlatformmacos
3cx3cx Version18.12.407 SwPlatformwindows
3cx3cx Version18.12.416 SwPlatformmacos
3cx3cx Version18.12.416 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.461
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/
Third Party Advisory
Exploit
Technical Description