Vulnerabilities > CVE-2020-12612 - Unspecified vulnerability in Beyondtrust Privilege Management for Windows

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

beyondtrust

NVD

Published: 2023-12-12

Updated: 2023-12-15

Summary

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated.

Vulnerable Configurations

Part	Description	Count
Application	Beyondtrust Beyondtrust Privilege Management FOR Windows - Beyondtrust Privilege Management FOR Windows 4.3 Beyondtrust Privilege Management FOR Windows 4.4 Beyondtrust Privilege Management FOR Windows 5.0 Beyondtrust Privilege Management FOR Windows 5.1 Beyondtrust Privilege Management FOR Windows 5.2.21 Beyondtrust Privilege Management FOR Windows 5.2.28 Beyondtrust Privilege Management FOR Windows 5.3.216 Beyondtrust Privilege Management FOR Windows 5.3.219 Beyondtrust Privilege Management FOR Windows 5.3.229 Beyondtrust Privilege Management FOR Windows 5.3.230 Beyondtrust Privilege Management FOR Windows 5.4 Beyondtrust Privilege Management FOR Windows 5.5 Beyondtrust Privilege Management FOR Windows 5.5.144 Beyondtrust Privilege Management FOR Windows 5.6	24

Summary

Vulnerable Configurations

References