Lucene search

BTCVELIST:CVE-2024-1591

HistoryFeb 16, 2024 - 6:54 p.m.

CVE-2024-1591 Privilege Management for Windows < 24.1 Information Leak

2024-02-1618:54:33

CWE-200

www.cve.org

cve-2024-1591

information leak

privilege management

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Privilege Management for Windows",
    "vendor": "BeyondTrust",
    "versions": [
      {
        "lessThan": "24.1",
        "status": "affected",
        "version": "1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.beyondtrust.com/trust-center/security-advisories/bt24-02

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-1591