3CX Desktop App Critical Vulnerability Alert

The Australian Cyber Security Centre has issued a warning about a new supply chain attack that has targeted a software company that provides VOIP softphone desktop capability. The provider’s own supply chain was compromised by a state-sponsored threat actor group, resulting in successful manipulation of the 3CX installation software and subsequent updates to the application.

It is crucial to note that updating the desktop app, available for both Windows and macOS, could expose you to the updated vulnerable version of the app. ACSC therefore advises removing all versions of the 3CX desktop application immediately. Customers that require VOIP capability can use the web version of the service until 3CX resolves the supply chain attack and returns to normal operations.

Security researchers have identified a 7-day delay in the affected software before vulnerabilities are opened and triggered. If any affected versions of the app are installed in your environment, your security teams and systems may therefore not detect activity until the 7-day period has elapsed.

It is recommended that customers consult their security software vendors for advice and ensure their endpoint protection solutions are capable of detecting and preventing threat activity triggered by the affected versions of the 3CX software product.

We urge all customers who may have installed the 3CX desktop application to take immediate action to mitigate the risks posed by this attack.


ACSC Advice

Supply chain compromise of 3CX DesktopApp | Cyber.gov.au


We’re here to help

Data#3 has a wealth of experience in cyber security domains including vulnerability management, penetration testing, next-gen firewalls, intrusion prevention, security architecture and advisory, controls and compliance assessments, and Managed Security services, including SOC. Our full suite of security products and services can be found here.

If you require any assistance with managing the CVE-2021-44228 vulnerability, please reach out to a cyber security specialist or contact your Data#3 account manager.


Tags: Cybersecurity, Endpoint Management, Information Security, supply chain attack


