Lucene search

13061848-ea10-403d-bd75-c83a022c2891CVE-2024-1591

HistoryFeb 16, 2024 - 7:15 p.m.

CVE-2024-1591

2024-02-1619:15:08

CWE-200

13061848-ea10-403d-bd75-c83a022c2891

web.nvd.nist.gov

cve-2024-1591

sysvol

privilege management

windows

gpo policy

configuration issues

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Privilege Management for Windows",
    "vendor": "BeyondTrust",
    "versions": [
      {
        "lessThan": "24.1",
        "status": "affected",
        "version": "1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.beyondtrust.com/trust-center/security-advisories/bt24-02

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-1591