1E-2023-2002

Insecure file handling in 1E client for windows

速報 ID
1E-2023-2002
Issue Date
2023/10/05
最終更新日
2023/11/02
優先度
Important(重要)
CVSS
8.8 (High)
割り当て CVE
CVE-2023-45160
影響のある製品
1E Client for Windows

1. Vulnerability Details

CVE-ID

Description

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client’s temporary directory is now locked down.

CVSS3.1 Score

Base Score 8.8 (High)

CVSS3.1 Vector String

Problem type

2. Affected products and versions

Product Versions

1E Client for Windows

8.1.2.62

1E Client for Windows

8.4.1.159

1E Client for Windows

9.0.1.88

1E Client for Windows

23.7.1.151

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.