3CX DesktopApp Security Alert

PitzKey · March 30, 2023, 2:52pm

While this is absolutely not related to FreePBX, there are a lot of FreePBX admins who also administer 3CX systems

Report:

CISA Report:
https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp

3CX CEO’s response:
https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/

The best way to go about this is to uninstall the app… We strongly recommend using our PWA client instead.

Also, when a user asked:

Hi Nick,

I have seen reports that the PBX instances themselves have also been compromised, is there any truth to this? or is it just the client app for windows?

I did not see a response to that…

jfinstrom · March 30, 2023, 3:30pm

I was about to share this. I’ve been looking over all of the data so far. One of the most concerning things is if you have passwords stored in your browser you can consider those compromised.

This is quite the rabbit hole.

system · April 30, 2023, 3:30pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.