CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-27643

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.3%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645
https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645

Products affected by CVE-2020-27643

1e » Client » Version: 4.1.0.267

cpe:2.3:a:1e:client:4.1.0.267
1e » Client » Version: 5.0.0.745

cpe:2.3:a:1e:client:5.0.0.745

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27643

Products

Pricing

Contact Us