CVE-2019-14935

Name of the Vulnerable Software and Affected Versions 3CX Phone version 15

Description The issue concerns insecure permissions on the installation directory, specifically the "%PROGRAMDATA%3CXPhone for WindowsPhoneApp" directory, which allows Full Control access for Everyone. This insecurity leads to privilege escalation due to a StartUp link.

Recommendations For version 15, consider restricting access to the "%PROGRAMDATA%3CXPhone for WindowsPhoneApp" directory to prevent Full Control access for Everyone, and review StartUp links for potential removal or modification to mitigate the risk of privilege escalation.