CVE-2023-45160: CWE-552 Files or Directories Accessible to External Parties in 1E 1E Client

Severity: High
Type: Vulnerability
Tags: CVE-2023-45160, cve, cve-2023-45160, cwe-552
Published: Thu Oct 05 2023 (10/05/2023, 15:12:20 UTC)
Source: CVE
Vendor/Project: 1E
Product: 1E Client

Description

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script, by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094. This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.

AI-Powered Analysis

Last updated: 07/04/2025, 12:56:08 UTC

Technical Analysis

CVE-2023-45160 is a high-severity vulnerability (CVSS 8.8) affecting the 1E Client software, specifically related to improper access control of temporary resource files. The vulnerability is categorized under CWE-552, which involves files or directories accessible to external parties. In this case, an ordinary user with limited privileges can manipulate the 1E Client's downloaded instruction resource files by substituting legitimate script files with malicious scripts. This occurs because the temporary directory used by the 1E Client to store these resource files was not properly locked down, allowing unauthorized modification at runtime. Exploiting this flaw could lead to execution of arbitrary malicious code with the privileges of the 1E Client process, potentially compromising confidentiality, integrity, and availability of affected systems. The issue affects both Windows and Mac versions of the 1E Client, with the Mac Client vulnerability fixed in version 8.1.2.62 and later, and the Windows Client patched in update Q23094. The vulnerability does not require user interaction but does require low-level privileges (PR:L) to exploit. No known exploits are currently reported in the wild. The vulnerability allows network-based exploitation (AV:N), making it more accessible to attackers who can reach the affected systems remotely. The patch locks down the temporary directory to prevent unauthorized file substitution, effectively mitigating the risk.

Potential Impact

For European organizations using the 1E Client, this vulnerability poses a significant risk. The ability for an ordinary user to inject malicious scripts can lead to unauthorized code execution, data breaches, and disruption of critical IT management functions that 1E Client typically supports, such as software deployment and endpoint management. Given the high CVSS score and the potential for full compromise of affected endpoints, attackers could leverage this vulnerability to move laterally within networks, escalate privileges, or disrupt business operations. This is particularly concerning for sectors with strict data protection requirements under GDPR, such as finance, healthcare, and government agencies, where confidentiality and integrity of data are paramount. The network attack vector means that attackers could exploit this vulnerability remotely if they have access to the network, increasing the threat surface. The absence of required user interaction further raises the risk of automated exploitation in targeted attacks or malware campaigns. Organizations relying on 1E Client for endpoint management should consider this vulnerability a priority for remediation to avoid operational and compliance risks.

Mitigation Recommendations

1. Immediate application of the vendor-provided patches is critical: upgrade Windows 1E Client installations to patch Q23094 and Mac Clients to version 8.1.2.62 or later (preferably v23.11).
2. Restrict access permissions on the 1E Client temporary directories to prevent unauthorized users from modifying files, even before patching.
3. Implement strict endpoint privilege management to limit the ability of ordinary users to write or replace files in application directories.
4. Monitor file integrity of the 1E Client resource directories using host-based intrusion detection systems (HIDS) to detect unauthorized changes.
5. Employ network segmentation and access controls to limit exposure of systems running 1E Client to untrusted networks or users.
6. Conduct regular audits of installed software versions across the enterprise to ensure all 1E Clients are updated promptly.
7. Educate IT and security teams about this vulnerability to recognize potential exploitation signs and respond swiftly.

These steps go beyond generic patching advice by emphasizing proactive access control, monitoring, and network defense tailored to the 1E Client environment.
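Recommendations 2 and 4 can be checked together on POSIX hosts such as those running the Mac Client. The sketch below is an added example, not 1E's code or part of the original analysis: it flags group- or world-writable entries under a directory and reports files whose hash or owner changed between two snapshots. The scratch directory and the file name `resource_script.sh` are constructed stand-ins, since the real 1E Client temporary path is not given on this page.

```python
import hashlib
import os
import stat
import tempfile

def loosely_writable(root):
    """Paths under root ('.' is root itself) writable by group or other."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode  # symlink mode bits carry no meaning
            if not stat.S_ISLNK(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
                flagged.append(os.path.relpath(path, root))
    return sorted(flagged)

def snapshot(root):
    """Map relative path -> (sha256 hex, owner uid) for each regular file."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                snap[os.path.relpath(path, root)] = (digest, st.st_uid)
    return snap

def diff_snapshots(before, after):
    """Return (change, path) pairs between two snapshots, sorted."""
    changes = [("removed", p) for p in before.keys() - after.keys()]
    changes += [("added", p) for p in after.keys() - before.keys()]
    changes += [("replaced", p) for p in before.keys() & after.keys() if before[p] != after[p]]
    return sorted(changes)

def demo():
    """Constructed scenario in a scratch directory (not the real 1E path)."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o777)  # weak setting: anyone may write here
        script = os.path.join(root, "resource_script.sh")  # hypothetical name
        with open(script, "w") as fh:
            fh.write("echo inventory\n")
        os.chmod(script, 0o644)
        baseline, weak = snapshot(root), loosely_writable(root)
        with open(script, "w") as fh:
            fh.write("echo changed\n")  # content differs from the baseline
        changes = diff_snapshots(baseline, snapshot(root))
        os.chmod(root, 0o700)  # corrected setting: owner only
        return weak, changes, loosely_writable(root)
```

On Windows hosts the equivalent permission check has to read the directory's ACL rather than POSIX mode bits; the snapshot comparison carries over unchanged.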

Technical Details

Data Version: 5.1
Assigner Short Name: 1E
Date Reserved: 2023-10-04T23:59:54.078Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f71484d88663aeb18a

Added to database: 5/20/2025, 6:59:03 PM

Last enriched: 7/4/2025, 12:56:08 PM

Last updated: 8/7/2025, 4:53:58 AM
