3Cx · 3Cx Phone · CVE-2019-14935
**Name of the Vulnerable Software and Affected Versions**
3CX Phone version 15
**Description**
The issue concerns insecure permissions on the installation directory, specifically the "%PROGRAMDATA%3CXPhone for WindowsPhoneApp" directory, which allows Full Control access for Everyone. This insecurity leads to privilege escalation due to a StartUp link.
**Recommendations**
For version 15, consider restricting access to the "%PROGRAMDATA%3CXPhone for WindowsPhoneApp" directory to prevent Full Control access for Everyone, and review StartUp links for potential removal or modification to mitigate the risk of privilege escalation.