1E-2023-2005

Improper input validation in 1E platform network product pack

Bulletin ID: 1E-2023-2005
Issue Date: 6 Nov 2023
Last Update: 21 Nov 2023
Priority: Critical
CVSS: 9.9 (Critical)
Assigned CVE: CVE-2023-45163
Affected Products: 1E Platform – Exchange Product Pack – Network

1. Vulnerability Details

CVE-ID

Description

The 1E-Exchange-CommandLinePing instruction, part of the Network product pack available on the 1E Exchange, does not properly validate the Caption or Message parameters. Specially crafted input to these parameters can result in arbitrary code execution with SYSTEM permissions.

To remediate this issue, download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI.

CVSS3.1 Score

Base Score 9.9 (Critical)

CVSS3.1 Vector String

Problem type

2. Affected products and versions

Product: 1E Platform – Exchange Product Pack – Network
Versions: <18.1