Vulnerabilities > CVE-2020-12615 - Unspecified vulnerability in Beyondtrust Privilege Management for Windows

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

beyondtrust

NVD

Published: 2023-12-12

Updated: 2023-12-15

Summary

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.

Vulnerable Configurations

Part	Description	Count
Application	Beyondtrust Beyondtrust Privilege Management FOR Windows - Beyondtrust Privilege Management FOR Windows 4.3 Beyondtrust Privilege Management FOR Windows 4.4 Beyondtrust Privilege Management FOR Windows 5.0 Beyondtrust Privilege Management FOR Windows 5.1 Beyondtrust Privilege Management FOR Windows 5.2.21 Beyondtrust Privilege Management FOR Windows 5.2.28 Beyondtrust Privilege Management FOR Windows 5.3.216 Beyondtrust Privilege Management FOR Windows 5.3.219 Beyondtrust Privilege Management FOR Windows 5.3.229 Beyondtrust Privilege Management FOR Windows 5.3.230 Beyondtrust Privilege Management FOR Windows 5.4 Beyondtrust Privilege Management FOR Windows 5.5 Beyondtrust Privilege Management FOR Windows 5.5.144 Beyondtrust Privilege Management FOR Windows 5.6	24

Summary

Vulnerable Configurations

References