Security Bulletins

1E-2023-2003

Improper input validation in 1E network product pack

Bulletin ID
1E-2023-2003
Issue Date
Nov 6, 2023
Last Update
Nov 21, 2023
Priority
Critical
CVSS
9.9 (Critical)
Assigned CVE
CVE-2023-45161
Affected Products
1E Platform – Exchange Product Pack – Network

1. Vulnerability Details

CVE-ID

Description

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.

 

To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1by uploading it through the 1E Platform instruction upload UI.

CVSS3.1 Score

Base Score 9.9 (Critical)

CVSS3.1 Vector String

Problem type

2. Affected products and versions

Product Versions

1E Platform – Exchange Product Pack – Network

<20.1

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.