1E-2020-2002

1E client enables privilege escalation

速報 ID
1E-2020-2002
Issue Date
2020/12/29
最終更新日
2020/12/29
優先度
Important(重要)
CVSS
8.8 (High)
割り当て CVE
CVE-2020-27644
影響のある製品
1E Client for Windows

1. Vulnerability Details

CVE-ID

Description

The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious file called cryptbase.dll to the C:\Windows\Temp\.

CVSS3.1 Score

Base Score 8.8 (High)

CVSS3.1 Vector String

Problem type

2. Affected products and versions

Product Versions

1E Client for Windows

5.0.x

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.