Conan.Chiles

**Name of the Vulnerable Software and Affected Versions** 3CX Phone version 15 **Description** The issue concerns insecure permissions on the installation directory, specifically the "%PROGRAMDATA%3CXPhone for WindowsPhoneApp" directory, which allows Full Control access for Everyone. This insecurity leads to privilege escalation due to a StartUp link. **Recommendations** For version 15, consider restricting access to the "%PROGRAMDATA%3CXPhone for WindowsPhoneApp" directory to prevent Full Control access for Everyone, and review StartUp links for potential removal or modification to mitigate the risk of privilege escalation.