- Description
- 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID. for v8.1 use hotfix Q23097 for v8.4 use hotfix Q23105 for v9.0 use hotfix Q23115 for SaaS customers, use 1EClient v23.7 plus hotfix Q23121
- Source
- security@1e.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.4
- Impact score
- 5.9
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:1e:client:8.1.2.62:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "EF79F84B-2408-44F9-A7AD-D9CAB9C34A61"
},
{
"criteria": "cpe:2.3:a:1e:client:8.4.1.159:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "4A156058-6634-4C59-831B-9A6E7C95BE84"
},
{
"criteria": "cpe:2.3:a:1e:client:9.0.1.88:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "66EA1F19-4432-4D9F-82DD-91062B54284B"
},
{
"criteria": "cpe:2.3:a:1e:client:23.7.1.151:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "73A8F998-B3AF-46C6-B4E5-3FEF6EA25A99"
}
],
"operator": "OR"
}
]
}
]