CVE-2020-27645

2020-12-2920:12:02

mitre

www.cve.org

1e client

inventory module

elevated privileges

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

59.8%

JSON

The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.

References

help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645