Insecure Permissions Allowing Privilege Escalation for 3CX Phone for Windows

Description

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone and leading to privilege escalation because of a StartUp link. In addition, on 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
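
A defender-side check for the directory permission issue described above, as an added example that is not part of the original advisory or of any 3CX tooling: a PowerShell audit that lists write-capable access entries granted to broad groups on the named directory and its contents. The function name `Get-BroadWriteAce` and the set of principals treated as "broad" are assumptions of this example.

```powershell
# Added example: report write-capable ACEs granted to broad principals on the
# directory named in the advisory. Run on the workstation that has the client.
$target = Join-Path $env:ProgramData '3CXPhone for Windows\PhoneApp'

# Well-known SIDs for groups that include every local, unprivileged user.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let the holder plant or replace files, or rewrite the ACL itself.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeBits = [int]($fsr::Write -bor $fsr::Delete -bor $fsr::DeleteSubdirectoriesAndFiles -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership)
# Raw GENERIC_WRITE / GENERIC_ALL bits, which some ACEs carry instead of specific rights.
$genericBits = 0x40000000 -bor 0x10000000

# Hypothetical helper name; returns one object per risky Allow entry on $Path.
function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs rather than names so the match works on any display language.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $sid    = $ace.IdentityReference.Value
        $rights = [int]$ace.FileSystemRights
        if ($ace.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid) -and
            ($rights -band ($writeBits -bor $genericBits))) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broad[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $target) {
    # Check the directory itself and everything under it (shortcuts and binaries included).
    $items = @($target) + @(Get-ChildItem -LiteralPath $target -Recurse -Force | ForEach-Object FullName)
    $findings = $items | ForEach-Object { Get-BroadWriteAce -Path $_ }
    if ($findings) { $findings | Format-Table -AutoSize } else { "No broad write access found under $target" }
} else {
    "Directory not present: $target"
}
```

Any row whose Principal is Everyone with FullControl matches the condition the advisory describes; rows marked Inherited point to a parent folder whose ACL needs tightening rather than the item itself.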

Affected Applications

3CX Phone for Windows

CVE References

CVE-2019-14935 CVE-2018-7654