3CX New Vulnerability

3CX is a popular provider of VOIP services, and CrowdStrike has recently identified a vulnerability in the 3CX Desktop App, which affects certain versions of the installed application. The currently known affected versions are:

Windows:

·       3cxdesktopapp-18.12.407.msi

·       3cxdesktopapp-18.12.416.msi

Mac:

·       3CXDesktopApp-18.11.1213.dmg

·       3cxdesktopapp-latest.dmg

If you're using any of these versions, it's advisable to close the app and uninstall it. However, you can still use the web client, which is the browser-based version of the softphone for the time being.

On the bright side, if you're using a different version of the phone system app or an older version like v12, v14, v16, and earlier versions of v18, you're good to go, and there's nothing you need to do at the moment.

As of 3/30/23, these are the current details regarding the vulnerability in the 3CX Desktop App. However, for further updates, it's advisable to keep an eye on the available resources.

CrowdStrike Analysis can be found here: https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/

3CX Formal Acknowledgement can be found here: https://www.3cx.com/blog/news/desktopapp-security-alert/

Additionally, we've created this video with bvoip CEO George Bardissi to in more detail: https://youtu.be/_QWzqHU5s_I

Bob Coppedge

About Bob Coppedge

Simplex-IT, CEO

Bob is the CEO of Simplex-IT. He has over 40 years’ experience in IT (Information Technology and in 2007 he created Simplex-IT to be the “good guys” in the IT world, specializing in making IT work for small to medium businesses and to “Simplify the Complex”. Bob is an industry leading expert with the ability to translate tech talk into everyday language. Bob has authored three books “The MSP’s Survival Guide to Co-Managed IT services”, “A CEO’s Survival Guide to Information Technology”, and his latest “I Don’t Want Your Job: Is Co-Managed IT services the Right fit for You?”. Bob regularly speaks at various national and area events, including IT Nation, DattoCon, Private Directors Association and more.

Connect with Bob on LinkedIn: https://www.linkedin.com/in/rlcoppedge/

Previous
Previous

6 Ways to Prevent The Most Common Source of Data Breaches

Next
Next

New Microsoft Outlook Vulnerability