1E-2020-2001

CVE-ID	CVE-2020-27645
Description	The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.
CVSS3.1 Score	Base Score 8.8 (High)
CVSS3.1 Vector String	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem type	CWE-428: Uncontrolled Search Path Element

Product	Versions
1E Client for Windows	5.0.x

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.

Unquoted search path in 1E client