MEDIUM✓ PATCH🇬🇧 English

CVE-2020-27643

CVSS 6.5v3.1pub. 2020-12-29upd. 2024-11-21

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • 1e Client

    APP
    1E
    4.1.0.2675.0.0.745
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2023-45159HIGH8.4ten sam produkt

1E Client installer can perform arbitrary file deletion on protected files.   A non-privileged user could pro...

CVE-2023-45160HIGH8.8ten sam produkt

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files...

CVE-2020-16268HIGH8.8ten sam produkt

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to ga...

CVE-2020-27644HIGH8.8ten sam produkt

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\...

CVE-2020-27645HIGH8.8ten sam produkt

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\...