CVE-2023-45160

Published: Oct 5, 2023

Modified: Jun 18, 2025

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094 This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.

Vendor	Product	Versions
1E	1E Client	affected `0 - <= 8.1.2.62` affected `0 - <= 8.4.1.159` affected `0 - <= 9.0.1.88` affected `0 - <= 23.7.1.151`

Weaknesses (CWE)

CWE-552

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-45160

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References