CVE-2020-27644

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.
Configurations

Configuration 1 (hide)

cpe:2.3:a:1e:client:5.0.0.745:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2020-12-29 21:15

Updated : 2024-02-04 21:23


NVD link : CVE-2020-27644

Mitre link : CVE-2020-27644

CVE.ORG link : CVE-2020-27644


JSON object : View

Products Affected

1e

  • client
CWE
CWE-428

Unquoted Search Path or Element