CVE-2020-12614

CVE Database · CVE-2020-12614

CVE-2020-12614

· HIGHModified

CVSS v3.1

7.8

EPSS

0.14%

Published

Dec 12, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-295

Affected Products (1)

beyondtrust · privilege_management_for_windowsvulnerable

References (4)

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-10

Vendor Advisory

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Release Notes

https://www.beyondtrust.com/trust-center/security-advisories/bt22-10

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs