  • CVSSv3 Score: 6.5
  • Issue Date: 2020-08-01
  • Updated On: 2023-12-05
  • CVE(s): CVE-2020-12612

Synopsis:

Variable querying in Privilege Management for Windows (PMfW)

Impacted Product:

Privilege Management for Windows (PMfW)

Summary:

A medium severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) whereby an attacker on a 32-bit machine could bypass application matching criteria. PMfW would match against user-level environment variables when checking application matching criteria. This could allow a malicious actor to bypass some application definitions by specifying their own environment variables.

Mitigation:

PMfW's default behavior was changed to check against system-level environment variables. This change was introduced in version 5.6 SR2 of Privilege Management for Windows. BeyondTrust recommends customers upgrade to the latest version of PMfW as soon as possible.
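The following Python check is an added example, not BeyondTrust's code and not part of the original advisory. It reports which application-definition paths resolve differently when user-level environment variables are considered instead of system-level ones only. The rule paths, variable names and values are constructed, and the expansion logic is a simplified model of Windows behaviour, not PMfW's matching engine.

```python
import re

_VAR = re.compile(r"%([^%]+)%")

def expand(path, env):
    """Expand %NAME% tokens case-insensitively; unknown names stay untouched,
    which is also how Windows treats undefined variables."""
    lookup = {k.upper(): v for k, v in env.items()}
    return _VAR.sub(lambda m: lookup.get(m.group(1).upper(), m.group(0)), path)

def effective_user_view(system_env, user_env):
    """Model of a user's environment block: user-level values override
    system-level ones, except PATH, where the user value is appended."""
    merged = {k.upper(): v for k, v in system_env.items()}
    for name, value in user_env.items():
        key = name.upper()
        if key == "PATH" and key in merged:
            merged[key] = merged[key] + ";" + value
        else:
            merged[key] = value
    return merged

def rules_sensitive_to_user_scope(rule_paths, system_env, user_env):
    """Return (rule, system_resolution, user_resolution) for every rule whose
    resolved path changes once user-level variables are taken into account."""
    user_view = effective_user_view(system_env, user_env)
    findings = []
    for rule in rule_paths:
        sys_path = expand(rule, system_env)
        usr_path = expand(rule, user_view)
        if sys_path.lower() != usr_path.lower():
            findings.append((rule, sys_path, usr_path))
    return findings

# Constructed sample data (not taken from any real policy or host).
SYSTEM_ENV = {"SystemRoot": r"C:\Windows", "ToolsDir": r"C:\Program Files\Tools"}
USER_ENV = {"ToolsDir": r"C:\Users\alice\tools", "OneDrive": r"C:\Users\alice\OneDrive"}
RULES = [r"%SystemRoot%\System32\mmc.exe", r"%ToolsDir%\admin.exe", r"C:\Apps\fixed.exe"]

if __name__ == "__main__":
    for rule, sys_path, usr_path in rules_sensitive_to_user_scope(RULES, SYSTEM_ENV, USER_ENV):
        print(f"{rule}: system-level -> {sys_path}; user-level -> {usr_path}")
```

Rules flagged by this check depend on variables a standard user can redefine, so they are the ones to review on endpoints still running a version prior to 5.6 SR2.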

Product: Privilege Management for Windows (PMfW)
Version: Prior to 5.6 SR2

Product: Privilege Management for Windows (PMfW)
Version: 5.6 SR2 and above

BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.

References:

  1. https://www.cve.org/CVERecord?id=CVE-2020-12612
  2. https://nvd.nist.gov/vuln/deta...