CyberSec.Space Logo
Back to CVE Browser

CVE-2019-14935

HIGH
7.8
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile13.17th
PublishedAug 12, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.

Affected Platforms (CPE)

📦
3cx

3cx

= 15

References & Advisories

🔗 https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/
🔗 https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/

Related Vulnerabilities

CVE-2021-454909.1

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL ce...

CVE-2019-99728.8

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary...

CVE-2019-99718.8

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by usi...

CVE-2008-68957.8

3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vector...