CVE-2020-27643

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:1e:client:4.1.0.267:*:*:*:*:windows:*:*
cpe:2.3:a:1e:client:5.0.0.745:*:*:*:*:windows:*:*

History

21 Nov 2024, 05:21

Type Values Removed Values Added
References () https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 - Vendor Advisory () https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 - Vendor Advisory

Information

Published : 2020-12-29 21:15

Updated : 2024-11-21 05:21


NVD link : CVE-2020-27643

Mitre link : CVE-2020-27643

CVE.ORG link : CVE-2020-27643


JSON object : View

Products Affected

1e

  • client
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')