CVE-2020-12613

Published: Dec 11, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.

Affected (1)

Products: Beyondtrust: Privilege Management For Windows

1 product

Privilege Management For Windows

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Beyondtrust Privilege Management For Windows	Up to 5.6

References (4)

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Source: cve@mitre.org

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-11

Source: cve@mitre.org

Vendor Advisory

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-11

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.