CVE Vulnerabilities

CVE-2020-12615

Published: Dec 12, 2023 | Modified: Dec 15, 2023
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.

Affected Software

Name Vendor Start Version End Version
Privilege_management_for_windows Beyondtrust * 5.6 (excluding)
Privilege_management_for_windows Beyondtrust 5.6 (including) 5.6 (including)

References