CVE-2023-45159

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Oct 5, 2023

Updated: Oct 19, 2023

CWE ID 59

Summary

CVE-2023-45159 is a vulnerability affecting the 1E Client installer, allowing a non-privileged user to perform arbitrary file deletion on protected files. By creating a symbolic link or Windows junction to a protected directory, a user can manipulate the installer to clear the directory on service startup. The vulnerability can be mitigated by installing the respective hotfixes for versions 8.1, 8.4, and 9.0: Q23097, Q23105, and Q23115, respectively. For SaaS customers, using 1EClient v23.7 along with hotfix Q23121 is recommended to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s5Mh0G
https://www.cve.org/CVERecord?id=CVE-2023-45159
https://nvd.nist.gov/vuln/detail/CVE-2023-45159

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2023-45159

CVSS 3.1 Score 8.4 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations