CVE-2024-4017 – Privilege Escalation in U-Series Appliance
https://notcve.org/view.php?id=CVE-2024-4017
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3. Vulnerabilidad de gestión de privilegios inadecuada en el dispositivo BeyondTrust U-Series en Windows, 64 bits (módulos de sistema de archivos) permite la carga lateral de DLL. Este problema afecta al dispositivo U-Series: desde 3.4 antes de 4.0.3. • https://www.beyondtrust.com/docs/release-notes/u-series-appliance/bt-appliance-u-series-software-4-0-3.htm • CWE-269: Improper Privilege Management •
CVE-2024-4018 – Privilege Escalation in U-Series Appliance
https://notcve.org/view.php?id=CVE-2024-4018
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3. Una vulnerabilidad de gestión de privilegios inadecuada en el dispositivo BeyondTrust U-Series en Windows de 64 bits (módulos de API del dispositivo local) permite la escalada de privilegios. Este problema afecta al dispositivo U-Series: desde 3.4 antes de 4.0.3. • https://www.beyondtrust.com/docs/release-notes/u-series-appliance/bt-appliance-u-series-software-4-0-3.htm • CWE-269: Improper Privilege Management •
CVE-2024-1591 – Privilege Management for Windows < 24.1 Information Leak
https://notcve.org/view.php?id=CVE-2024-1591
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues. Antes de la versión 24.1, un atacante autenticado local puede ver Sysvol cuando Privilege Management para Windows está configurado para usar una política de GPO. Esto les permite ver la política y potencialmente encontrar problemas de configuración. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-49944
https://notcve.org/view.php?id=CVE-2023-49944
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature. La función Challenge Response de BeyondTrust Privilege Management para Windows (PMfW) antes del 14 de julio de 2023 permite a los administradores locales omitir esta función descifrando la clave compartida o localizando la clave compartida descifrada en la memoria de proceso. La amenaza se mitiga mediante la función Agent Protection. • https://www.beyondtrust.com/security https://www.beyondtrust.com/trust-center/security-advisories/bt23-08 •
CVE-2020-12615
https://notcve.org/view.php?id=CVE-2020-12615
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Al agregar el token Agregar administrador a un proceso y especificar que se ejecute con una integridad media y que el usuario sea propietario del proceso, este token de seguridad se puede robar y aplicar a procesos arbitrarios. • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 https://www.beyondtrust.com/trust-center/security-advisories/bt22-07 • CWE-269: Improper Privilege Management •