CVE-2024-1591
Privilege Management for Windows < 24.1 Information Leak
Severity Score
3.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
Antes de la versión 24.1, un atacante autenticado local puede ver Sysvol cuando Privilege Management para Windows está configurado para usar una política de GPO. Esto les permite ver la política y potencialmente encontrar problemas de configuración.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-16 CVE Reserved
- 2024-02-16 CVE Published
- 2024-08-01 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
- CAPEC-176: Configuration/Environment Manipulation
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| BeyondTrust Search vendor "BeyondTrust" | Privilege Management For Windows Search vendor "BeyondTrust" for product "Privilege Management For Windows" | >= 1.0 < 24.1 Search vendor "BeyondTrust" for product "Privilege Management For Windows" and version " >= 1.0 < 24.1" | en |
Affected
| ||||||