CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-14935

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.9%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/
https://www.3cx.com/community/threads/security-issue-with-3cx-windows-client-install.64432/

Products affected by CVE-2019-14935

3cx » 3cx » Version: 15

cpe:2.3:a:3cx:3cx:15
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-14935

Products

Pricing

Contact Us