The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.
References
Configurations
Configuration 1 (hide)
|
History
03 Jan 2021, 23:47
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
CPE | cpe:2.3:a:1e:client:4.1.0.267:*:*:*:*:windows:*:* cpe:2.3:a:1e:client:5.0.0.745:*:*:*:*:windows:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
References | (CONFIRM) https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 - Vendor Advisory |
29 Dec 2020, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2020-12-29 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-27643
Mitre link : CVE-2020-27643
CVE.ORG link : CVE-2020-27643
JSON object : View
Products Affected
1e
- client
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')