Lucene search

[email protected]NVD:CVE-2020-12614

HistoryDec 12, 2023 - 3:15 p.m.

CVE-2020-12614

2023-12-1215:15:07

CWE-295

[email protected]

web.nvd.nist.gov

beyondtrust; privilege management; elevation of privileges; windows; cve-2020-12614

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

Affected configurations

Nvd

Node

beyondtrustprivilege_management_for_windowsRange≤5.6

VendorProductVersionCPE
beyondtrustprivilege_management_for_windows*cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
beyondtrust	privilege_management_for_windows	*	cpe:2.3:a:beyondtrust:privilege_management_for_windows::::::::

References

www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

www.beyondtrust.com/trust-center/security-advisories/bt22-10

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2020-12614

prion1 vulnrichment1 cvelist1 cve1