HIGH✓ PATCH🇬🇧 English

CVE-2020-16268

CVSS 8.8v3.1pub. 2020-12-29upd. 2024-11-21

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • 1e Client

    APP
    1E
    4.1.0.2675.0.0.745
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2023-45159HIGH8.4ten sam produkt

1E Client installer can perform arbitrary file deletion on protected files.   A non-privileged user could pro...

CVE-2023-45160HIGH8.8ten sam produkt

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files...

CVE-2020-27644HIGH8.8ten sam produkt

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\...

CVE-2020-27645HIGH8.8ten sam produkt

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\...

CVE-2020-27643MEDIUM6.5ten sam produkt

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users a...