Privilege Escalation Vulnerability in BeyondTrust Privilege Management for Windows
CVE-2020-12614

7.8HIGH

Key Information:

Vendor: Beyondtrust
Status: Privilege Management For Windows
Vendor: CVE Published:; 12 December 2023

🔔 Create Beyondtrust Vulnerability Alert

What is CVE-2020-12614?

A vulnerability has been identified in BeyondTrust Privilege Management for Windows, where a specific configuration allows a malicious actor to exploit the publisher criteria for Add Admin tokens. This flaw enables unauthorized users to elevate their privileges from standard user to administrator level by manipulating the publisher name in the security certificate. Proper validation of the publisher and certificate is crucial to prevent potential privilege escalation attacks.

References

https://www.beyondtrust.com/support/changelog/privilege-m...

https://www.beyondtrust.com/trust-center/security-advisor...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
May 1, 2020