An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.
References
Link | Resource |
---|---|
https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 | Release Notes |
https://www.beyondtrust.com/trust-center/security-advisories/bt22-07 | Vendor Advisory |
https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 | Release Notes |
https://www.beyondtrust.com/trust-center/security-advisories/bt22-07 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 - Release Notes | |
References | () https://www.beyondtrust.com/trust-center/security-advisories/bt22-07 - Vendor Advisory |
28 Aug 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 |
15 Dec 2023, 16:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 - Release Notes | |
References | () https://www.beyondtrust.com/trust-center/security-advisories/bt22-07 - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6:-:*:*:*:*:*:* cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:* |
12 Dec 2023, 13:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 13:15
Updated : 2024-11-21 04:59
NVD link : CVE-2020-12615
Mitre link : CVE-2020-12615
CVE.ORG link : CVE-2020-12615
JSON object : View
Products Affected
beyondtrust
- privilege_management_for_windows
CWE