Vulnerabilities > CVE-2020-12613 - Unspecified vulnerability in Beyondtrust Privilege Management for Windows

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

beyondtrust

NVD

Published: 2023-12-11

Updated: 2023-12-14

Summary

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.

Vulnerable Configurations

Part	Description	Count
Application	Beyondtrust Beyondtrust Privilege Management FOR Windows - Beyondtrust Privilege Management FOR Windows 4.3 Beyondtrust Privilege Management FOR Windows 4.4 Beyondtrust Privilege Management FOR Windows 5.0 Beyondtrust Privilege Management FOR Windows 5.1 Beyondtrust Privilege Management FOR Windows 5.2.21 Beyondtrust Privilege Management FOR Windows 5.2.28 Beyondtrust Privilege Management FOR Windows 5.3.216 Beyondtrust Privilege Management FOR Windows 5.3.219 Beyondtrust Privilege Management FOR Windows 5.3.229 Beyondtrust Privilege Management FOR Windows 5.3.230 Beyondtrust Privilege Management FOR Windows 5.4 Beyondtrust Privilege Management FOR Windows 5.5 Beyondtrust Privilege Management FOR Windows 5.5.144	21

Summary

Vulnerable Configurations

References