CVE-2020-12614

EPSS 0.14%
Published 12.12.2023 15:15:07
Last modified 21.11.2024 04:59:55
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Beyondtrust ≫ Privilege Management For Windows Version <= 5.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.355

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-10

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12614

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12614

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12614

EUVD