Insecure Permissions in 3CX Phone 15 on Windows: Privilege Escalation Vulnerability

Insecure Permissions in 3CX Phone 15 on Windows: Privilege Escalation Vulnerability

CVE-2019-14935 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.

Learn more about our Web Application Penetration Testing UK.