1E-2023-2005

CVE-ID	CVE-2023-45163
Description	The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1by uploading it through the 1E Platform instruction upload UI.
CVSS3.1 Score	Base Score 9.9 (Critical)
CVSS3.1 Vector String	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Problem type	CWE 20: Improper input validation

Product	Versions
1E Platform – Exchange Product Pack – Network	<18.1

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.

Improper input validation in 1E platform network product pack