CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12612
https://notcve.org/view.php?id=CVE-2020-12612
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated. • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 https://www.beyondtrust.com/trust-center/security-advisories/bt22-09 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12613
https://notcve.org/view.php?id=CVE-2020-12613
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 https://www.beyondtrust.com/trust-center/security-advisories/bt22-11 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42254
https://notcve.org/view.php?id=CVE-2021-42254
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. BeyondTrust Privilege Management versiones anteriores a 21.6, crea un Archivo Temporal en un directorio con permisos no seguros • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md https://www.beyondtrust.com/blog • CWE-668: Exposure of Resource to Wrong Sphere •