• CVSSv3 Score: 6.8
  • Issue Date: 2020-08-01
  • Updated On: 2023-12-05
  • CVE(s): CVE-2020-12615


Elevation of Privilege in Privilege Management for Windows (PMfW)

Impacted Product:

Privilege Management for Windows (PMfW)


A medium severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) that could allow an attacker to elevate their privileges. When utilizing a custom token that assigns medium integrity and the user as the token owner, an attacker could potentially steal this token and apply it to an arbitrary process.


This vulnerability was remediated in version 5.6 SR2. BeyondTrust recommends customers update to the latest version of PMfW as soon as possible.

Product Version
Privilege Management for Windows (PMfW) Prior to 5.6 SR2
Product Version
Privilege Management for Windows (PMfW) 5.6 SR2 and above

BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.


  1. https://www.cve.org/CVERecord?id=CVE-2020-12615
  2. https://nvd.nist.gov/vuln/detail/CVE-2020-12615
Prefers reduced motion setting detected. Animations will now be reduced as a result.