CVE-2020-27643

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:1e:client:4.1.0.267:::::windows::
	cpe:2.3:a:1e:client:5.0.0.745:::::windows::

History

No history.

Information

Published : 2020-12-29 21:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-27643

Mitre link : CVE-2020-27643

CVE.ORG link : CVE-2020-27643

JSON object : View

Products Affected

1e

client

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2020-27643", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-12-29T21:15:13.163", "references": [{"url": "https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The %PROGRAMDATA%\\1E\\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation."}, {"lang": "es", "value": "El directorio %PROGRAMDATA%\\1E\\Client en 1E Client versiones 5.0.0.745 y 4.1.0.267, permite a los usuarios autenticados remotos y a los usuarios locales crear y modificar archivos en directorios protegidos (donde normalmente no tendr\u00edan acceso para crear o modificar archivos) mediante la creaci\u00f3n de un punto de uni\u00f3n en un directorio del sistema. Esto conduce a una escalada parcial de privilegios"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:1e:client:4.1.0.267:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E15F224E-1F50-483D-AAA0-F9D022C2B025"}, {"criteria": "cpe:2.3:a:1e:client:5.0.0.745:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "ECFC24D6-F42F-481A-984D-EC4E7507E2BF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}