Overview
- Description
- The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-59
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:1e:client:4.1.0.267:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "E15F224E-1F50-483D-AAA0-F9D022C2B025"
},
{
"criteria": "cpe:2.3:a:1e:client:5.0.0.745:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "ECFC24D6-F42F-481A-984D-EC4E7507E2BF"
}
],
"operator": "OR"
}
]
}
]