Advisory ID: BT22-11

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
  • CVSSv3 Score: 6.2
  • Issue Date: 2020-08-01
  • Updated On: 2023-12-05
  • CVE(s): CVE-2020-12613

Synopsis:

Elevation of Privilege in Privilege Management for Windows (PMfW)

Impacted Product:

Privilege Management for Windows (PMfW)

Summary:

A medium severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) that could allow an attacker to elevate their privileges. When utilizing a custom token that assigns medium integrity, an attacker could use a second user account to gain additional privileges.

Mitigation:

This vulnerability was remediated in version 22.3. BeyondTrust recommends customers update to the latest version of PMfW as soon as possible.

Affected Versions

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Product Version
Privilege Management for Windows (PMfW) Prior to 22.3

Fixed Versions

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Product Version
Privilege Management for Windows (PMfW) 22.3 and above

Acknowledgements

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied

BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.

References:

  1. https://www.cve.org/CVERecord?id=CVE-2020-12613
  2. https://nvd.nist.gov/vuln/deta...
Prefers reduced motion setting detected. Animations will now be reduced as a result.