1E Client
cpe:2.3:a:1e:client:*:*:*:*:windows:*:*
- < 25.3
A vulnerability exists in the Nomad module of the 1E Client, affecting versions prior to 25.3. This issue involves improper link resolution before file access, which enables an attacker with local unprivileged access on a Windows system to delete arbitrary files. The flaw is triggered through symbolic links.
Exploitation of this vulnerability allows for the deletion of arbitrary files on the affected Windows system.
To reproduce this vulnerability, an attacker must create a symbolic link that points to a target file. The attacker can then use a privileged program that creates temporary files. When the program writes to the temporary file, it inadvertently overwrites the target file referenced by the symbolic link.
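The defensive counterpart to the link-following behaviour described above, as an added example that is not from 1E or from this advisory: a cleanup routine that inspects each entry with `lstat` and never descends into or deletes through a link. The function names (`is_link`, `safe_cleanup`, `demo`), the directory names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

# Windows reparse-point flag (junctions, symlinks); fallback is the documented value.
REPARSE = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)

def is_link(path):
    """True if path itself is a symlink or, on Windows, any reparse point."""
    st = os.lstat(path)  # lstat inspects the entry, never what it points to
    attrs = getattr(st, "st_file_attributes", 0)  # field exists only on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & REPARSE)

def safe_cleanup(base_dir):
    """Delete regular files under base_dir without traversing any link."""
    if is_link(base_dir):
        raise ValueError("refusing to clean a base directory that is a link")
    removed, skipped, pending = [], [], [base_dir]
    while pending:
        current = pending.pop()
        for name in os.listdir(current):
            path = os.path.join(current, name)
            rel = os.path.relpath(path, base_dir)
            mode = os.lstat(path).st_mode
            if is_link(path):
                skipped.append(rel)   # report it; never follow or delete through it
            elif stat.S_ISDIR(mode):
                pending.append(path)  # a real directory, safe to descend
            elif stat.S_ISREG(mode):
                os.unlink(path)       # NOTE: check-then-delete still leaves a race window
                removed.append(rel)
            else:
                skipped.append(rel)   # devices, sockets and other non-regular entries
    return sorted(removed), sorted(skipped)

def demo():
    """Constructed layout: one stale file plus one planted directory link."""
    with tempfile.TemporaryDirectory() as root:
        cache = os.path.join(root, "cache")          # hypothetical user-writable cache
        protected = os.path.join(root, "protected")  # stands in for a privileged path
        os.makedirs(os.path.join(cache, "sub"))
        os.makedirs(protected)
        for p in (os.path.join(cache, "sub", "stale.tmp"), os.path.join(protected, "keep.cfg")):
            open(p, "w").close()
        os.symlink(protected, os.path.join(cache, "redirect"), target_is_directory=True)
        removed, skipped = safe_cleanup(cache)
        return removed, skipped, os.path.exists(os.path.join(protected, "keep.cfg"))
```

The skipped list is worth logging in a privileged service, since a link appearing inside a directory the service owns is itself a detection signal.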
Users can update to 1E Client versions 25.3 or later. For 1E Client v25.1, hotfix Q23589 or later is recommended. For 1E Client v24.5, hotfix Q23583 or later should be applied. 1E Content Distribution Tools v25.1 users should also update to hotfix Q23591 or later.