Security Bulletin: 3CX Voice Over Internet Protocol (VOIP) Desktop Client Supply Chain Attack

Audience
Public
Product
FlashBlade
FlashArray
Content Type
Source Type
Common Vulnerabilities and Exposures (CVE)

Security Bulletin: 3CX Voice Over Internet Protocol (VOIP) Desktop Client Supply Chain Attack

Vulnerability Status: Final Source: Third Party / OSS Initial Publication Date: 2023-03-30 Last Updated: 2026-06-25 06:26:08

Summary:

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.


CVE#: CVE-2023-29059

Vulnerability score (v3): 7.8

Vector (v3): 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity (v3): 2 - High

Product(s): FlashArray, FlashBlade

Version First Fixed: Not affected


References:

https://nvd.nist.gov/vuln/detail/CVE-2023-29059