Advisory ID: BT22-11
CVSSv3 Score: 6.2
Issue Date: 2020-08-01
Updated On: 2023-12-05
CVE(s): CVE-2020-12613
Synopsis:
Elevation of Privilege in Privilege Management for Windows (PMfW)
Impacted Product:
Privilege Management for Windows (PMfW)
Summary:
A medium-severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) that could allow an attacker to elevate their privileges. When a custom token that assigns medium integrity is in use, an attacker could use a second user account to gain additional privileges.
Mitigation:
This vulnerability was remediated in version 22.3. BeyondTrust recommends customers update to the latest version of PMfW as soon as possible.
Affected Versions
| Product | Version |
|---|---|
| Privilege Management for Windows (PMfW) | Prior to 22.3 |
Fixed Versions
| Product | Version |
|---|---|
| Privilege Management for Windows (PMfW) | 22.3 and above |
Acknowledgements
BeyondTrust would like to acknowledge the Lockheed Martin Red team for reporting this issue.
