CVE-2020-12614

EPSS 0.14%
Veröffentlicht 12.12.2023 15:15:07
Zuletzt bearbeitet 21.11.2024 04:59:55
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Beyondtrust ≫ Privilege Management For Windows Version <= 5.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.355

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-10

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12614

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12614

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12614

EUVD