Lucene search

MitreCVE-2020-12614

HistoryDec 12, 2023 - 3:15 p.m.

CVE-2020-12614

2023-12-1215:15:07

CWE-295

mitre

web.nvd.nist.gov

beyondtrust

privilege management

windows

cve-2020-12614

elevation of privileges

security vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

Affected configurations

Nvd

Node

beyondtrustprivilege_management_for_windowsRange≤5.6

VendorProductVersionCPE
beyondtrustprivilege_management_for_windows*cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
beyondtrust	privilege_management_for_windows	*	cpe:2.3:a:beyondtrust:privilege_management_for_windows::::::::

References

www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

www.beyondtrust.com/trust-center/security-advisories/bt22-10

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2020-12614