Vulnerabilities > CVE-2021-3187 - Unspecified vulnerability in Beyondtrust Privilege Management for mac

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

beyondtrust

NVD

Published: 2023-12-11

Updated: 2023-12-14

Summary

An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)

Vulnerable Configurations

Part	Description	Count
Application	Beyondtrust Beyondtrust Privilege Management FOR MAC - Beyondtrust Privilege Management FOR MAC 4.1 Beyondtrust Privilege Management FOR MAC 4.2 Beyondtrust Privilege Management FOR MAC 4.5 Beyondtrust Privilege Management FOR MAC 5.0 Beyondtrust Privilege Management FOR MAC 5.2 Beyondtrust Privilege Management FOR MAC 5.4.123 Beyondtrust Privilege Management FOR MAC 5.5 Beyondtrust Privilege Management FOR MAC 5.6	11
OS	Apple Apple MAC OS X * Apple MAC OS X 10.13.6 Apple MAC OS X 10.14.6	22

Summary

Vulnerable Configurations

References