CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-16268

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 74.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645
https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645

Products affected by CVE-2020-16268

1e » Client » Version: 4.1.0.267

cpe:2.3:a:1e:client:4.1.0.267
1e » Client » Version: 5.0.0.745

cpe:2.3:a:1e:client:5.0.0.745

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-16268

Products

Pricing

Contact Us