HIGH🇬🇧 English

CVE-2020-12614

CVSS 7.8v3.1pub. 2023-12-12upd. 2024-11-21

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Beyondtrust Privilege Management For Windows

    APP
    Beyondtrust
    ≤ 5.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-6250HIGH7.1ten sam produkt

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint servi...

CVE-2025-2297HIGH7.2ten sam produkt

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitim...

CVE-2025-0889HIGH7.2ten sam produkt

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for...

CVE-2020-12615HIGH7.8ten sam produkt

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin...

CVE-2020-12612HIGH7.8ten sam produkt

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program...