As reported by several cybersecurity firms, enterprise communications software maker 3CX has fallen victim to a supply chain attack affecting multiple versions of its desktop app for Windows and macOS. The affected versions include 18.12.407 and 18.12.416 for Windows, and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS. The incident has been assigned the CVE identifier CVE-2023-29059.
The company has announced that it is engaging the services of Mandiant, a cybersecurity firm owned by Google, to review the incident. Meanwhile, 3CX is urging its customers of self-hosted and on-premise versions of the software to update to version 18.12.422, which is the latest version available.
The attack on 3CX is believed to have resulted from either a compromise of the software build pipeline the company uses to distribute the Windows and macOS versions of the app package, or the poisoning of an upstream dependency. The scale of the attack is still unknown, but the incident highlights the need for all companies to take supply chain security seriously and to put in place robust measures to protect against such attacks.
If you are a customer of 3CX’s desktop app for Windows or macOS, it is strongly recommended that you update to version 18.12.422 as soon as possible to mitigate the risk of further harm. In addition, if you suspect that your system may have been compromised, you should take immediate steps to secure your system and seek professional advice from a reputable cybersecurity firm.
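To find which endpoints need attention first, a software inventory export can be checked against the per-platform version list above. The following is an added example, not Action1's script or 3CX tooling; the CSV columns (`host`, `os`, `version`) and host names are constructed, and treating an unlisted build older than 18.12.422 as "update" is an assumption.

```python
import csv

# Affected builds and the fixed build, as listed in this article.
AFFECTED = {
    "windows": {"18.12.407", "18.12.416"},
    "macos": {"18.11.1213", "18.12.402", "18.12.407", "18.12.416"},
}
FIXED = (18, 12, 422)


def parse_version(text):
    """Turn '18.12.416' into (18, 12, 416); raise ValueError on junk."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(os_name, version):
    """Return 'affected', 'current', 'update' or 'unknown' for one install."""
    os_key = os_name.strip().lower()
    if os_key not in AFFECTED:
        return "unknown"
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unknown"
    if ".".join(map(str, parsed)) in AFFECTED[os_key]:
        return "affected"
    # Assumption: an unlisted build older than the fixed one should still be updated.
    return "current" if parsed >= FIXED else "update"


def triage(inventory_csv):
    """Map hostname -> status for a CSV with host, os and version columns."""
    reader = csv.DictReader(inventory_csv.splitlines())
    return {row["host"]: classify(row["os"], row["version"]) for row in reader}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """host,os,version
ws-01,Windows,18.12.416
ws-02,Windows,18.12.402
mac-01,macOS,18.12.402
ws-03,Windows,18.12.422
ws-04,Windows,unknown
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as "affected" are the ones to isolate and investigate; "unknown" rows need a manual version check rather than being assumed safe.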
Action1 Script to Terminate All Running 3CXDesktop Processes
In response to the attack, Action1 has created a script that terminates all running 3CXDesktop processes and prevents their auto-launch at the next system reboot. The script is available in the Script Library of the Action1 platform and can be used by affected customers to protect their systems from further harm.
Here’s how to use the script:
1. Log in to your Action1 account.
2. Navigate to the Script Library and locate the “3CX Desktop Vulnerability Remediation” script.
3. Click on “Run Script” and select the endpoints that you want to update.