  • CVSSv3 Score: 6.8
  • Issue Date: 2021-02-01
  • Updated On: 2023-12-05
  • CVE(s): CVE-2021-3187

Synopsis:

Elevation of Privilege in Privilege Management for Mac (PMfM) Installer

Impacted Product:

Privilege Management for Mac (PMfM)

Summary:

A medium-severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Mac (PMfM) that could allow an attacker to elevate their privileges. Two files in the PMfM installer had incorrect file permissions applied, which could enable a user to gain elevated privileges on their machine.

Mitigation:

The permissions of these files in the Privilege Management for Mac installer have been reconfigured to provide the correct level of privileges. This has also been fixed with a macOS security patch.

This change was implemented in PMfM version 5.7. BeyondTrust recommend customers update to the latest version of PMfM as soon as possible.

Product                                | Version
Privilege Management for Mac (PMfM)    | Prior to 5.7

Product                                | Version
Privilege Management for Mac (PMfM)    | 5.7 and above

BeyondTrust would like to acknowledge the Lockheed Martin Red Team for reporting this issue.

References:

  1. https://www.cve.org/CVERecord?id=CVE-2021-3187
  2. https://nvd.nist.gov/vuln/detail/CVE-2021-3187