CVE-2019-14935

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:3cx:3cx:15:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-12 00:15

Updated : 2024-02-04 20:20


NVD link : CVE-2019-14935

Mitre link : CVE-2019-14935

CVE.ORG link : CVE-2019-14935


JSON object : View

Products Affected

3cx

  • 3cx

microsoft

  • windows
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource