Advisory ID: BT22-06
CVSSv3 Score: 6.8
Issue Date: 2021-02-01
Updated On: 2023-12-05
CVE(s): CVE-2021-3187
Synopsis:
Elevation of Privilege in Privilege Management for Mac (PMfM) Installer
Impacted Product:
Privilege Management for Mac (PMfM)
Summary:
A medium-severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Mac (PMfM) that could allow an attacker to elevate their privileges. Two files in the PMfM installer had incorrect file permissions applied, which could enable a user to gain elevated privileges on their machine.
Mitigation:
The permissions of these files in the Privilege Management for Mac installer have been reconfigured to provide the correct level of privileges. This has also been fixed with a macOS security patch.
This change was implemented in PMfM version 5.7. BeyondTrust recommends that customers update to the latest version of PMfM as soon as possible.
Affected Versions
| Product | Version |
|---|---|
| Privilege Management for Mac (PMfM) | Prior to 5.7 |
Fixed Versions
| Product | Version |
|---|---|
| Privilege Management for Mac (PMfM) | 5.7 and above |
Acknowledgements
BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.
