{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2023-45160","assignerOrgId":"4a68d2b9-b68a-4765-95bd-17f35092666b","state":"PUBLISHED","assignerShortName":"1E","dateReserved":"2023-10-04T23:59:54.078Z","datePublished":"2023-10-05T15:12:20.743Z","dateUpdated":"2025-06-18T18:41:01.614Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","MacOS"],"product":"1E Client","vendor":"1E","versions":[{"lessThanOrEqual":"8.1.2.62","status":"affected","version":"0","versionType":"Q23094"},{"lessThanOrEqual":"8.4.1.159","status":"affected","version":"0","versionType":"Q23094"},{"lessThanOrEqual":"9.0.1.88","status":"affected","version":"0","versionType":"Q23094"},{"lessThanOrEqual":"23.7.1.151","status":"affected","version":"0","versionType":"Q23094"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"In the affected version of the 1E Client, an o<span style=\"background-color: rgb(255, 255, 255);\">rdinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.<br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Resolution: This has been fixed in patch Q23094&nbsp;<br><br>This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. <br><br>Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.</span></span>"}],"value":"In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.\n\n\n\nResolution: This has been fixed in patch Q23094 \n\nThis issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. \n\nCustomers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability."}],"impacts":[{"capecId":"CAPEC-177","descriptions":[{"lang":"en","value":"CAPEC-177 Create files with the same name as files protected with a higher classification"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-552","description":"CWE-552 Files or Directories Accessible to External Parties","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"4a68d2b9-b68a-4765-95bd-17f35092666b","shortName":"1E","dateUpdated":"2025-06-18T18:41:01.614Z"},"references":[{"url":"https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2002/"}],"source":{"discovery":"UNKNOWN"},"title":"Elevated Temp Directory Execution in 1E Client","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:14:19.027Z"},"title":"CVE Program Container","references":[{"url":"https://www.1e.com/trust-security-compliance/cve-info/","tags":["x_transferred"]},{"url":"https://1e.my.site.com/s/","tags":["x_transferred"]},{"url":"https://www.1e.com/vulnerability-disclosure-policy/","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-19T19:08:13.221319Z","id":"CVE-2023-45160","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-19T19:08:24.798Z"}}]},"dataVersion":"5.1"}