Lucene search

MitreCVE-2020-12615

HistoryDec 12, 2023 - 1:15 p.m.

CVE-2020-12615

2023-12-1213:15:06

CWE-269

mitre

web.nvd.nist.gov

cve-2020-12615

beyondtrust

privilege management

windows

security issue

theft of security token

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

9.0%

JSON

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.

Affected configurations

Nvd

Node

beyondtrustprivilege_management_for_windowsRange<5.6

beyondtrustprivilege_management_for_windowsMatch5.6-

VendorProductVersionCPE
beyondtrustprivilege_management_for_windows*cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*
beyondtrustprivilege_management_for_windows5.6cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
beyondtrust	privilege_management_for_windows	*	cpe:2.3:a:beyondtrust:privilege_management_for_windows::::::::
beyondtrust	privilege_management_for_windows	5.6	cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6:-::::::

References

www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

www.beyondtrust.com/trust-center/security-advisories/bt22-07

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2020-12615