CVE-2023-45159: CVE Info

CVE-2023-45159

CVEID

CVE-2023-45159

PRODUCT

1E Client for Windows

VERSION

– 8.1.2.62 – 8.4.1.159 – 9.0.1.88 – 23.7.1.151

PROBLEM TYPE

Improper Link Resolution Before File Access (‘Link Following’)

REFERENCES

https://www.1e.com/trust-security-compliance/cve-info/

DESCRIPTION

1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.

CVSS v3.1 Vector CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

ASSIGNING CNA

1E

CVE-2020-16268

CVE-2020-27643

CVEID

CVE-2020-27643

PRODUCT

1E Client for Windows

VERSION

– 5.0.x
– 4.1.x

PROBLEM TYPE

Windows Hard Link

REFERENCES

https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645

DESCRIPTION

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. This vulnerability can be mitigated by changing the permission of the ProgramData\1E\Client directory so that a standard user does not have the ability to create and modify files.

CVSS v3.1 Vector AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C

https://nvd.nist.gov/vuln/detail/CVE-2020-27643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27643

ASSIGNING CNA

MITRE

CVE-2020-27644

CVE-2020-27645