CVE-2020-12614

Published: Dec 12, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

Affected (1)

Products: Beyondtrust: Privilege Management For Windows

1 product

Privilege Management For Windows

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Beyondtrust Privilege Management For Windows	Up to 5.6

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (4)

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Source: cve@mitre.org

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-10

Source: cve@mitre.org

Vendor Advisory

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-10

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.