VYPR
Unrated severityNVD Advisory· Published Dec 29, 2020· Updated Aug 4, 2024

CVE-2020-27643

CVE-2020-27643

Description

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.

Affected products

2
  • 1E/1E Clientdescription
  • 1e/1e Clientllm-fuzzy
    Range: <= 5.0.0.745 & <= 4.1.0.267

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.