1E-2023-2002

CVE-ID	CVE-2023-45160
Description	In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client’s temporary directory is now locked down.
CVSS3.1 Score	Base Score 8.8 (High)
CVSS3.1 Vector String	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem type	CWE 552: Files or Directories Accessible to External Parties

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.

Insecure file handling in 1E client for windows