CVE-2020-27643

MEDIUM

1E Client 5.0.0.745-4.1.0.267 - Privilege Escalation

Title source: llm

Description

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645

Scores

CVSS v3 6.5

EPSS 0.0141

EPSS Percentile 69.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-59

Status published

Products (2)

1e/client 4.1.0.267

1e/client 5.0.0.745

Published Dec 29, 2020

Tracked Since Feb 18, 2026