Insecure Permissions Allowing Privilege Escalation for 3CX Phone for Windows
Description
3CX Phone 15 on Windows has insecure permissions on the \"%PROGRAMDATA%\\3CXPhone for Windows\\PhoneApp\" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. And On 3CX 15.5.6354.2 devices, the parameter \"file\" in the request \"/api/RecordingList/download?file=\" allows full access to files on the server via path traversal.
Affected Applications
3CX Phone for Windows