Advisory ID: BT22-07
CVSSv3 Score: 6.8
Issue Date: 2020-08-01
Updated On: 2023-12-05
CVE(s): CVE-2020-12615
Synopsis:
Elevation of Privilege in Privilege Management for Windows (PMfW)
Impacted Product:
Privilege Management for Windows (PMfW)
Summary:
A medium-severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) that could allow an attacker to elevate their privileges. When a custom token is used that assigns medium integrity and sets the user as the token owner, an attacker could potentially steal this token and apply it to an arbitrary process.
Mitigation:
This vulnerability was remediated in version 5.6 SR2. BeyondTrust recommends customers update to the latest version of PMfW as soon as possible.
Affected Versions
| Product | Version |
|---|---|
| Privilege Management for Windows (PMfW) | Prior to 5.6 SR2 |
Fixed Versions
| Product | Version |
|---|---|
| Privilege Management for Windows (PMfW) | 5.6 SR2 and above |
Acknowledgements
BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.
