Synopsis:
Elevation of Privilege in Privilege Management for Windows (PMfW)
Impacted Product:
Privilege Management for Windows (PMfW)
Summary:
A medium severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) that could allow an attacker to elevate their privileges. When utilizing a custom token that assigns medium integrity, an attacker could use a second user account to gain additional privileges.
Mitigation:
This vulnerability was remediated in version 22.3. BeyondTrust recommends customers update to the latest version of PMfW as soon as possible.
Product | Affected Version |
---|---|
Privilege Management for Windows (PMfW) | Prior to 22.3 |
Product | Fixed Version |
---|---|
Privilege Management for Windows (PMfW) | 22.3 and above |
BeyondTrust would like to acknowledge the Lockheed Martin Red team for reporting this issue.