Details of VAR-202303-2580

ID

VAR-202303-2580

CVE

CVE-2023-29059

TITLE

3CX multiple of OS for 3cx Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-006580

DESCRIPTION

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application. 3CX multiple of OS for 3cx Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-29059 // JVNDB: JVNDB-2023-006580 // VULMON: CVE-2023-29059

AFFECTED PRODUCTS

vendor:	3cx	model:	3cx	scope:	eq	version:	18.12.407	Trust: 1.8
vendor:	3cx	model:	3cx	scope:	eq	version:	18.12.402	Trust: 1.8
vendor:	3cx	model:	3cx	scope:	eq	version:	18.11.1213	Trust: 1.8
vendor:	3cx	model:	3cx	scope:	eq	version:	18.12.416	Trust: 1.8
vendor:	3cx	model:	3cx	scope:	eq	version:	-	Trust: 0.8
vendor:	3cx	model:	3cx	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-006580 // NVD: CVE-2023-29059

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-29059
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-29059
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202303-2681
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-29059
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-29059
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-006580 // CNNVD: CNNVD-202303-2681 // NVD: CVE-2023-29059

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-006580 // NVD: CVE-2023-29059

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-2681

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-2681

PATCH

title:

3CX Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=231833

Trust: 0.6

sources: CNNVD: CNNVD-202303-2681

EXTERNAL IDS

db:	NVD	id:	CVE-2023-29059	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-006580	Trust: 0.8
db:	CNNVD	id:	CNNVD-202303-2681	Trust: 0.6
db:	VULMON	id:	CVE-2023-29059	Trust: 0.1

sources: VULMON: CVE-2023-29059 // JVNDB: JVNDB-2023-006580 // CNNVD: CNNVD-202303-2681 // NVD: CVE-2023-29059

REFERENCES

url:	https://cwe.mitre.org/data/definitions/506.html	Trust: 2.5
url:	https://www.3cx.com/blog/news/desktopapp-security-alert/	Trust: 2.5
url:	https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised	Trust: 2.5
url:	https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats	Trust: 2.5
url:	https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/	Trust: 2.5
url:	https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2023-29059	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-29059/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-29059 // JVNDB: JVNDB-2023-006580 // CNNVD: CNNVD-202303-2681 // NVD: CVE-2023-29059

SOURCES

db:	VULMON	id:	CVE-2023-29059
db:	JVNDB	id:	JVNDB-2023-006580
db:	CNNVD	id:	CNNVD-202303-2681
db:	NVD	id:	CVE-2023-29059

LAST UPDATE DATE

2024-08-14T14:49:12.020000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-29059	date:	2023-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2023-006580	date:	2023-11-15T07:31:00
db:	CNNVD	id:	CNNVD-202303-2681	date:	2023-04-11T00:00:00
db:	NVD	id:	CVE-2023-29059	date:	2023-04-10T16:29:50.317

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-29059	date:	2023-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2023-006580	date:	2023-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202303-2681	date:	2023-03-30T00:00:00
db:	NVD	id:	CVE-2023-29059	date:	2023-03-30T17:15:06.830