CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1591 – Privilege Management for Windows < 24.1 Information Leak
https://notcve.org/view.php?id=CVE-2024-1591
16 Feb 2024 — Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues. Antes de la versión 24.1, un atacante autenticado local puede ver Sysvol cuando Privilege Management para Windows está configurado para usar una política de GPO. Esto les permite ver la política y potencialmente encontrar problemas de configuración. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25083
https://notcve.org/view.php?id=CVE-2024-25083
16 Feb 2024 — An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges. Se descubrió un problema en BeyondTrust Privilege Management para Windows antes de la versión 24.1. Cuando un usuario con pocos privilegios inicia una reparación, existe un vector de ataque a través del cual el usuario puede ejecutar cualquier programa con privilegios elev... • https://www.beyondtrust.com/trust-center/security-advisories/bt24-01 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49944
https://notcve.org/view.php?id=CVE-2023-49944
25 Dec 2023 — The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature. La función Challenge Response de BeyondTrust Privilege Management para Windows (PMfW) antes del 14 de julio de 2023 permite a los administradores locales omitir esta función descifrando la clave compartida o loc... • https://www.beyondtrust.com/security •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12612
https://notcve.org/view.php?id=CVE-2020-12612
12 Dec 2023 — An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of.... • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12614
https://notcve.org/view.php?id=CVE-2020-12614
12 Dec 2023 — An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Si se selec... • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12615
https://notcve.org/view.php?id=CVE-2020-12615
12 Dec 2023 — An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Al agregar el token Agregar administrador a un proceso y especificar que se ejecute con una integridad media y que el usuario sea propietario de... • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28369
https://notcve.org/view.php?id=CVE-2020-28369
12 Dec 2023 — In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp. En BeyondTrust Privilege Management para Windows (también conocido como PMfW) hasta 5.7, una instalación de SISTEMA hace que Cryptbase.dll se cargue desde la ubicación de escritura del usuario %WINDIR%\Temp. • https://www.beyondtrust.com/privilege-management/windows-mac • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12613
https://notcve.org/view.php?id=CVE-2020-12613
11 Dec 2023 — An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2021-3187
https://notcve.org/view.php?id=CVE-2021-3187
11 Dec 2023 — An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) Se descubrió un problema en BeyondTrust Privilege Management para Mac anterior a la versión 5.7. Un usuario autenticado y sin privil... • https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23632
https://notcve.org/view.php?id=CVE-2023-23632
12 Oct 2023 — BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret. Las versiones 22.2.x a 22.4.x de BeyondTrust Privileged Remote Access (PRA) son vulnerables a una omisión de autenticación local. Los atacantes pueden aprovechar un proceso de verificación de secretos defect... • https://www.compass-security.com/fileadmin/Research/Advisories/2023_03_CSNC-2022-018_PRA_Privilege_Escalation.txt • CWE-287: Improper Authentication •