3CX New Vulnerability
3CX is a popular provider of VoIP services. CrowdStrike has recently identified a vulnerability in the 3CX Desktop App that affects certain versions of the installed application. The currently known affected versions are:
Windows:
· 3cxdesktopapp-18.12.407.msi
· 3cxdesktopapp-18.12.416.msi
Mac:
· 3CXDesktopApp-18.11.1213.dmg
· 3cxdesktopapp-latest.dmg
If you're using any of these versions, it's advisable to close the app and uninstall it. For the time being, you can still use the web client, which is the browser-based version of the softphone.
On the bright side, if you're using a different version of the phone system app or an older version such as v12, v14, v16, or an earlier version of v18, you're good to go, and there's nothing you need to do at the moment.
As of 3/30/23, these are the current details regarding the vulnerability in the 3CX Desktop App. However, for further updates, it's advisable to keep an eye on the available resources.
CrowdStrike Analysis can be found here: https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
3CX Formal Acknowledgement can be found here: https://www.3cx.com/blog/news/desktopapp-security-alert/
Additionally, we've created this video with bvoip CEO George Bardissi to discuss this in more detail: https://youtu.be/_QWzqHU5s_I