PT-2020-14666 · Activefax · Actfax

Published: 2020-09-24 · Updated: 2020-10-09 · CVE-2020-15843

CVSS v3.1: 7.3 High

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ActFax version 7.10 Build 0335

Description
The issue arises from insecure folder permissions on certain directories, allowing "Full Control" to "Everyone". This can be exploited by an authenticated local attacker to replace the TSClientB.exe binary, which is executed on logon for every user, or to replace binaries in other directories, potentially requiring additional user interaction.

Recommendations
For ActFax version 7.10 Build 0335, consider restricting the folder permissions on the %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install, and %PROGRAMFILES%\ActiveFax\Terminal directories to prevent unauthorized access and modification of the binaries, such as TSClientB.exe, until a patch is available.
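
One way to check a host for the condition described above, as an added PowerShell example that is not from the vendor or from this advisory: it lists Allow ACEs that give Everyone (SID S-1-1-0) write-capable rights on the three directories and on the executables beneath them. The `ActiveFax\Client`, `ActiveFax\Install` and `ActiveFax\Terminal` layout under `%PROGRAMFILES%` is an assumption about the install path, and the function name is hypothetical.

```powershell
# Added example, not vendor code. Assumption: ActiveFax is installed under
# %PROGRAMFILES%\ActiveFax; change $Dirs if the product lives elsewhere.
$Dirs = 'Client', 'Install', 'Terminal' |
    ForEach-Object { Join-Path $env:ProgramFiles "ActiveFax\$_" }

# Specific rights that allow replacing or planting a binary.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights](
    'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
# Inherit-only ACEs can carry raw GENERIC_ALL / GENERIC_WRITE bits instead.
$GenericMask = 0x10000000 -bor 0x40000000

function Get-EveryoneWriteAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Warning "Not found: $dir"
            continue
        }
        # Check the folder itself and every executable below it.
        $exes = Get-ChildItem -LiteralPath $dir -Recurse -File -Filter *.exe |
            ForEach-Object { $_.FullName }
        $targets = @($dir) + @($exes)
        foreach ($t in $targets) {
            # Ask for SIDs so the match does not depend on the OS display language.
            # S-1-1-0 is the well-known SID for Everyone.
            (Get-Acl -LiteralPath $t).GetAccessRules(
                $true, $true, [System.Security.Principal.SecurityIdentifier]) |
              Where-Object {
                $_.IdentityReference.Value -eq 'S-1-1-0' -and
                $_.AccessControlType -eq 'Allow' -and
                ([int]$_.FileSystemRights -band ($WriteMask -bor $GenericMask)) -ne 0
              } |
              ForEach-Object {
                [pscustomobject]@{
                    Path      = $t
                    Rights    = $_.FileSystemRights
                    Inherited = $_.IsInherited
                }
              }
        }
    }
}

# Any output row is a finding; an empty result means no Everyone write grant remains.
Get-EveryoneWriteAce -Path $Dirs | Format-Table -AutoSize
```

Rows with `Inherited = False` are explicit grants that `icacls <dir> /remove:g *S-1-1-0 /T` removes; inherited rows have to be corrected on the parent folder. After any change, confirm that the Users group still has read and execute access so the client keeps working.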

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2020-15843

Affected Products

Actfax