CVE-2020-27644

HIGH

1E Client 5.0.0.745 - Privilege Escalation

Title source: llm

Description

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645

Scores

CVSS v3 8.8

EPSS 0.0116

EPSS Percentile 62.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

1e/client 5.0.0.745

Published Dec 29, 2020

Tracked Since Feb 18, 2026