Security Bulletins

1E-2023-2003

Improper input validation in 1E network product pack

Bulletin ID
1E-2023-2003
Issue Date
Nov 6, 2023
Last Update
Nov 21, 2023
Priority
Critical
CVSS
9.9 (Critical)
Assigned CVE
CVE-2023-45161
Affected Products
1E Platform – Exchange Product Pack – Network

1. Vulnerability Details

CVE-ID

CVE-2023-45161

Description

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.

 

To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1by uploading it through the 1E Platform instruction upload UI.

CVSS3.1 Score

Base Score 9.9 (Critical)

CVSS3.1 Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem type

CWE 20: Improper Input Validation

2. Affected products and versions

Product
Versions

1E Platform – Exchange Product Pack – Network

<20.1

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.