CVE-2020-12615

Published: Dec 12, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.

Affected (2)

Products: Beyondtrust: Privilege Management For Windows

1 product

Privilege Management For Windows

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Beyondtrust Privilege Management For Windows	Before 5.6
Beyondtrust Privilege Management For Windows	Version 5.6

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Source: cve@mitre.org

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-07

Source: cve@mitre.org

Vendor Advisory

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-07

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.