Lucene search

K
nvd[email protected]NVD:CVE-2023-29059
HistoryMar 30, 2023 - 5:15 p.m.

CVE-2023-29059

2023-03-3017:15:06
web.nvd.nist.gov
1
cve-2023-29059
3cx desktopapp
electron windows
electron macos
update 7
malicious code

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.

Affected configurations

NVD
Node
3cx3cxMatch18.11.1213macos
OR
3cx3cxMatch18.12.402macos
OR
3cx3cxMatch18.12.407macos
OR
3cx3cxMatch18.12.407windows
OR
3cx3cxMatch18.12.416macos
OR
3cx3cxMatch18.12.416windows

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%