发布于3月6日3月6日 Members 3CX: CVE-2023-29059: Desktop app backdoor Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/29/2023 Created 03/30/2023 Added 03/30/2023 Modified 04/12/2023 Description The 3CX desktop client available for Windows and Mac has been trojanised and is currently providing a backdoor in a in a suspected state-sponsored threat campaign. This check is flagging on the detection of the desktop app before 18.12.425 due to 3CX advising to avoid using the Electron App at all unless there is absolutely no alternative. Solution(s) 3cx-desktop-app-backdoor References https://attackerkb.com/topics/cve-2023-29059 CVE - 2023-29059 https://nvd.nist.gov/vuln/detail/CVE-2023-29059/ https://www.rapid7.com/blog/post/2023/03/30/backdoored-3cxdesktopapp-installer-used-in-active-threat-campaign/ https://www.3cx.com/blog/news/desktopapp-security-alert-updates/ https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack//
