#VU74216 Embedded malicious code (backdoor) in Electron Mac App and Electron Windows App - CVE-2023-29059

Cybersecurity Help s.r.o.

Published: 2023-03-30 | Updated: 2023-11-27

Vulnerability identifier: #VU74216

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2023-29059

CWE-ID: CWE-506

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Electron Mac App
Client/Desktop applications / Messaging software
Electron Windows App
Client/Desktop applications / Messaging software

Vendor: 3CX

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Electron Mac App: 18.11.1213 - 18.12.416

Electron Windows App: 18.12.407 - 18.12.416

External links
https://www.3cx.com/blog/news/desktopapp-security-alert/
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
https://success.trendmicro.com/dcx/s/solution/000292711?language=en_US

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Backdoor in 3CX Electron desktop app for Windows and Mac