Search criteria
12 vulnerabilities by 1E
CVE-2025-1683 (GCVE-0-2025-1683)
Vulnerability from cvelistv5 – Published: 2025-03-12 15:25 – Updated: 2025-06-18 18:40
VLAI?
Summary
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.
Severity ?
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Credits
Simeon Bunchev
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:40:48.449073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:36:42.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Nomad",
"1EContentDistributionTools-NomadBranchTools"
],
"platforms": [
"Windows"
],
"product": "1E Client",
"vendor": "1E",
"versions": [
{
"changes": [
{
"at": "MSP-Q23583",
"status": "unaffected"
},
{
"at": "MSP-Q23591",
"status": "unaffected"
}
],
"lessThanOrEqual": "24.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSP-Q23589",
"status": "unaffected"
},
{
"at": "MSP-Q23591",
"status": "unaffected"
}
],
"lessThanOrEqual": "25.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Simeon Bunchev"
}
],
"datePublic": "2025-03-12T14:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eImproper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links."
}
],
"impacts": [
{
"capecId": "CAPEC-27",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-27 Leveraging Race Conditions via Symbolic Links"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:40:59.816Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2025-2001/"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1683"
},
{
"url": "https://cwe.mitre.org/data/definitions/59.html"
},
{
"url": "https://capec.mitre.org/data/definitions/27.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Symbolic Link Exploit in 1E Client\u0027s - Nomad module allows Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2025-1683",
"datePublished": "2025-03-12T15:25:27.765Z",
"dateReserved": "2025-02-25T10:27:23.761Z",
"dateUpdated": "2025-06-18T18:40:59.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7211 (GCVE-0-2024-7211)
Vulnerability from cvelistv5 – Published: 2024-08-01 16:49 – Updated: 2025-06-18 18:41
VLAI?
Summary
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.
Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
Severity ?
4.7 (Medium)
CWE
- URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 1E | 1E Platform |
Affected:
24.7
Affected: 23.11.1.15 Affected: 23.7.1.80 Affected: 8.4.1.229 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T17:33:30.440960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:24:43.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "1E Platform",
"vendor": "1E",
"versions": [
{
"status": "affected",
"version": "24.7"
},
{
"status": "affected",
"version": "23.11.1.15"
},
{
"status": "affected",
"version": "23.7.1.80"
},
{
"status": "affected",
"version": "8.4.1.229"
}
]
}
],
"datePublic": "2024-08-01T14:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctt\u003e\u003ctt\u003eThe 1E Platform\u0027s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\u003cbr\u003e\u003cbr\u003eNote: 1E Platform\u0027s component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\u003c/tt\u003e"
}
],
"value": "The 1E Platform\u0027s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.\n\nNote: 1E Platform\u0027s component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:41:03.926Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2024-2001/"
}
],
"source": {
"advisory": "CVE-2024-39694",
"discovery": "EXTERNAL"
},
"title": "The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2024-7211",
"datePublished": "2024-08-01T16:49:47.597Z",
"dateReserved": "2024-07-29T16:05:07.068Z",
"dateUpdated": "2025-06-18T18:41:03.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5964 (GCVE-0-2023-5964)
Vulnerability from cvelistv5 – Published: 2023-11-06 12:27 – Updated: 2025-06-12 14:19
VLAI?
Summary
The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above.
Severity ?
9.9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Lockheed Martin red team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://exchange.1e.com/product-packs/end-user-interaction/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/trust-security-compliance/cve-info/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:18:28.806423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:19:29.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.1e.com/product-packs/end-user-interaction/",
"defaultStatus": "affected",
"packageName": "1E-Exchange-DisplayMessage",
"platforms": [
"Windows"
],
"product": "Platform",
"vendor": "1E",
"versions": [
{
"lessThanOrEqual": "23",
"status": "affected",
"version": "0",
"versionType": "Delete"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lockheed Martin red team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo remediate this issue DELETE the instruction\u0026nbsp;\u201cShow dialogue with caption %Caption% and message %Message%\u201d from the list of instructions in the Settings UI, and replace it with the new instruction\u0026nbsp;1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as\u0026nbsp;\u201cShow %Type% type notification with header %Header% and message %Message%\u201d with a version of 7.1 or above.\u003c/span\u003e"
}
],
"value": "The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\n\nTo remediate this issue DELETE the instruction\u00a0\u201cShow dialogue with caption %Caption% and message %Message%\u201d from the list of instructions in the Settings UI, and replace it with the new instruction\u00a01E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as\u00a0\u201cShow %Type% type notification with header %Header% and message %Message%\u201d with a version of 7.1 or above."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T08:19:15.885Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://exchange.1e.com/product-packs/end-user-interaction/"
},
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "1E-Exchange-DisplayMessage instruction allows for arbitrary code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2023-5964",
"datePublished": "2023-11-06T12:27:12.281Z",
"dateReserved": "2023-11-06T12:19:31.831Z",
"dateUpdated": "2025-06-12T14:19:29.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45163 (GCVE-0-2023-45163)
Vulnerability from cvelistv5 – Published: 2023-11-06 12:19 – Updated: 2025-06-18 18:41
VLAI?
Summary
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI
Severity ?
9.9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Lockheed Martin red team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://exchange.1e.com/product-packs/network/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/trust-security-compliance/cve-info/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:47:21.798997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:20:31.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.1e.com/product-packs/network/",
"defaultStatus": "affected",
"packageName": "1E-Exchange-CommandLinePing",
"platforms": [
"Windows"
],
"product": "Platform",
"vendor": "1E",
"versions": [
{
"lessThan": "18.1",
"status": "affected",
"version": "0",
"versionType": "Update"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lockheed Martin red team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI\u003c/span\u003e"
}
],
"value": "The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI"
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:41:08.905Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2005/"
},
{
"url": "https://exchange.1e.com/product-packs/network/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2023-45163",
"datePublished": "2023-11-06T12:19:20.662Z",
"dateReserved": "2023-10-04T23:59:54.079Z",
"dateUpdated": "2025-06-18T18:41:08.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45161 (GCVE-0-2023-45161)
Vulnerability from cvelistv5 – Published: 2023-11-06 12:13 – Updated: 2025-06-18 18:41
VLAI?
Summary
The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI
Severity ?
9.9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Lockheed Martin red team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://exchange.1e.com/product-packs/network/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/trust-security-compliance/cve-info/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:51:52.700343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:23:43.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.1e.com/product-packs/network/",
"defaultStatus": "affected",
"packageName": "1E-Exchange-URLResponseTime",
"platforms": [
"Windows"
],
"product": "Platform",
"vendor": "1E",
"versions": [
{
"lessThan": "20.1",
"status": "affected",
"version": "0",
"versionType": "Update"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lockheed Martin red team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\u003cbr\u003e\u003cbr\u003eTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI"
}
],
"value": "The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\n\nTo remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI"
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:41:05.819Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2003/"
},
{
"url": "https://exchange.1e.com/product-packs/network/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2023-45161",
"datePublished": "2023-11-06T12:13:09.083Z",
"dateReserved": "2023-10-04T23:59:54.078Z",
"dateUpdated": "2025-06-18T18:41:05.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45162 (GCVE-0-2023-45162)
Vulnerability from cvelistv5 – Published: 2023-10-13 12:48 – Updated: 2025-06-18 18:41
VLAI?
Summary
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.
Application of the relevant hotfix remediates this issue.
for v8.1.2 apply hotfix Q23166
for v8.4.1 apply hotfix Q23164
for v9.0.1 apply hotfix Q23169
SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this
Severity ?
9.9 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 1E | 1E Platform |
Affected:
0 , < 8.1.2
(Q23166)
Affected: 0 , < 8.4.1 (Q23164) Affected: 0 , < 9.0.1 (Q23169) Affected: 0 , < 23.7.1 (Q23173) |
Credits
Discovered by 1E penetration testing
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/trust-security-compliance/cve-info/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:24:59.274547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:25:10.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "1E Platform",
"vendor": "1E",
"versions": [
{
"changes": [
{
"at": "Q23166",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "0",
"versionType": "Q23166"
},
{
"changes": [
{
"at": "Q23164",
"status": "unaffected"
}
],
"lessThan": "8.4.1",
"status": "affected",
"version": "0",
"versionType": "Q23164"
},
{
"changes": [
{
"at": "Q23169",
"status": "unaffected"
}
],
"lessThan": "9.0.1",
"status": "affected",
"version": "0",
"versionType": "Q23169"
},
{
"changes": [
{
"at": "Q23173",
"status": "unaffected"
}
],
"lessThan": "23.7.1",
"status": "affected",
"version": "0",
"versionType": "Q23173"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Discovered by 1E penetration testing"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eApplication of the relevant hotfix remediates this issue.\u003cbr\u003e\u003cbr\u003efor v8.1.2 apply hotfix Q23166\u003cbr\u003efor v8.4.1 apply hotfix Q23164\u003cbr\u003efor v9.0.1 apply hotfix Q23169\u003cbr\u003e\u003cbr\u003eSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this"
}
],
"value": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.\u00a0\n\nApplication of the relevant hotfix remediates this issue.\n\nfor v8.1.2 apply hotfix Q23166\nfor v8.4.1 apply hotfix Q23164\nfor v9.0.1 apply hotfix Q23169\n\nSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this"
}
],
"impacts": [
{
"capecId": "CAPEC-108",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-108 Command Line Execution through SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:41:07.315Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2004/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Blind SQL vulnerability in 1E platform",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2023-45162",
"datePublished": "2023-10-13T12:48:01.359Z",
"dateReserved": "2023-10-04T23:59:54.079Z",
"dateUpdated": "2025-06-18T18:41:07.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45160 (GCVE-0-2023-45160)
Vulnerability from cvelistv5 – Published: 2023-10-05 15:12 – Updated: 2025-06-18 18:41
VLAI?
Summary
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.
Resolution: This has been fixed in patch Q23094
This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site.
Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/trust-security-compliance/cve-info/"
},
{
"tags": [
"x_transferred"
],
"url": "https://1e.my.site.com/s/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/vulnerability-disclosure-policy/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T19:08:13.221319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:08:24.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "1E Client",
"vendor": "1E",
"versions": [
{
"lessThanOrEqual": "8.1.2.62",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "8.4.1.159",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "9.0.1.88",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "23.7.1.151",
"status": "affected",
"version": "0",
"versionType": "Q23094"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the affected version of the 1E Client, an o\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erdinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client\u0027s temporary directory is now locked down in the released patch.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eResolution: This has been fixed in patch Q23094\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. \u003cbr\u003e\u003cbr\u003eCustomers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client\u0027s temporary directory is now locked down in the released patch.\n\n\n\nResolution: This has been fixed in patch Q23094\u00a0\n\nThis issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. \n\nCustomers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-177",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-177 Create files with the same name as files protected with a higher classification"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:41:01.614Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Elevated Temp Directory Execution in 1E Client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2023-45160",
"datePublished": "2023-10-05T15:12:20.743Z",
"dateReserved": "2023-10-04T23:59:54.078Z",
"dateUpdated": "2025-06-18T18:41:01.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45159 (GCVE-0-2023-45159)
Vulnerability from cvelistv5 – Published: 2023-10-05 10:11 – Updated: 2025-06-18 18:40
VLAI?
Summary
1E Client installer can perform arbitrary file deletion on protected files.
A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup.
A hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.
for v8.1 use hotfix Q23097
for v8.4 use hotfix Q23105
for v9.0 use hotfix Q23115
for SaaS customers, use 1EClient v23.7 plus hotfix Q23121
Severity ?
8.4 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Credits
Thanks to Lockheed Martin red team who reported this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/trust-security-compliance/cve-info/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:1e:client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "client",
"vendor": "1e",
"versions": [
{
"lessThan": "8.1.2.62",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.4.1.159",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "9.0.1.88",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "23.7.1.151",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T17:33:38.940543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:24:11.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "1E Client",
"vendor": "1E",
"versions": [
{
"changes": [
{
"at": "Q23097",
"status": "unaffected"
}
],
"lessThan": "8.1.2.62",
"status": "affected",
"version": "0",
"versionType": "Q23097"
},
{
"changes": [
{
"at": "Q23105",
"status": "unaffected"
}
],
"lessThan": "8.4.1.159",
"status": "affected",
"version": "0",
"versionType": "Q23105"
},
{
"changes": [
{
"at": "Q23115",
"status": "unaffected"
}
],
"lessThan": "9.0.1.88",
"status": "affected",
"version": "0",
"versionType": "Q23115"
},
{
"changes": [
{
"at": "Q23121",
"status": "unaffected"
}
],
"lessThan": "23.7.1.151",
"status": "affected",
"version": "0",
"versionType": "Q23121"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Thanks to Lockheed Martin red team who reported this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "1E Client installer can perform arbitrary file deletion on protected files.\u0026nbsp;\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. \u003cbr\u003e\u003cbr\u003eA hotfix is available from the 1E support portal that forces\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.\u003cbr\u003e\u003cbr\u003efor v8.1 use hotfix Q23097\u003cbr\u003efor v8.4 use hotfix Q23105\u003cbr\u003efor v9.0 use hotfix Q23115\u003cbr\u003e\u003cbr\u003efor SaaS customers, use 1EClient v23.7 plus hotfix Q23121\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "1E Client installer can perform arbitrary file deletion on protected files.\u00a0\u00a0\n\nA non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. \n\nA hotfix is available from the 1E support portal that forces\u00a0the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.\n\nfor v8.1 use hotfix Q23097\nfor v8.4 use hotfix Q23105\nfor v9.0 use hotfix Q23115\n\nfor SaaS customers, use 1EClient v23.7 plus hotfix Q23121"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:40:58.223Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2001/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "1E Client installer can perform arbitrary file deletion on protected files",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2023-45159",
"datePublished": "2023-10-05T10:11:20.065Z",
"dateReserved": "2023-10-04T23:59:54.078Z",
"dateUpdated": "2025-06-18T18:40:58.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27645 (GCVE-0-2020-27645)
Vulnerability from cvelistv5 – Published: 2020-12-29 20:12 – Updated: 2024-08-04 16:18
VLAI?
Summary
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Inventory module of the 1E Client 5.0.0.745 doesn\u0027t handle an unquoted path when executing %PROGRAMFILES%\\1E\\Client\\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T20:12:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Inventory module of the 1E Client 5.0.0.745 doesn\u0027t handle an unquoted path when executing %PROGRAMFILES%\\1E\\Client\\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645",
"refsource": "CONFIRM",
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27645",
"datePublished": "2020-12-29T20:12:02",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-08-04T16:18:44.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27644 (GCVE-0-2020-27644)
Vulnerability from cvelistv5 – Published: 2020-12-29 20:10 – Updated: 2024-08-04 16:18
VLAI?
Summary
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Inventory module of the 1E Client 5.0.0.745 doesn\u0027t handle an unquoted path when executing %PROGRAMFILES%\\1E\\Client\\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\\Temp\\."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T20:10:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Inventory module of the 1E Client 5.0.0.745 doesn\u0027t handle an unquoted path when executing %PROGRAMFILES%\\1E\\Client\\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\\Temp\\."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645",
"refsource": "CONFIRM",
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27644",
"datePublished": "2020-12-29T20:10:36",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27643 (GCVE-0-2020-27643)
Vulnerability from cvelistv5 – Published: 2020-12-29 20:08 – Updated: 2024-08-04 16:18
VLAI?
Summary
The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The %PROGRAMDATA%\\1E\\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T20:08:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The %PROGRAMDATA%\\1E\\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645",
"refsource": "CONFIRM",
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27643",
"datePublished": "2020-12-29T20:08:52",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16268 (GCVE-0-2020-16268)
Vulnerability from cvelistv5 – Published: 2020-12-29 20:07 – Updated: 2024-08-04 13:37
VLAI?
Summary
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T20:07:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645",
"refsource": "CONFIRM",
"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16268",
"datePublished": "2020-12-29T20:07:00",
"dateReserved": "2020-08-03T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}