Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
1E Client 代码问题漏洞
Vulnerability Description
1E Client是美国1E(1E Client)公司的一款无需部署代理的端点管理软件。 1E Client 5.0.0.745版本存在安全漏洞,该漏洞源于%PROGRAMFILES%1EClientTachyon.Performance.Metrics.exe不处理未引用的路径。这可能允许远程认证用户和本地用户通过在%WINDIR%Temp中放置一个恶意的cryptbase.dll文件来获得更高的权限。
CVSS Information
N/A
Vulnerability Type
N/A