Command-Line Argument Mismanagement in BeyondTrust Privilege Management for Windows and Mac
CVE-2020-9326

7.5HIGH

Key Information:

Vendor
CVE Published:
18 March 2020

What is CVE-2020-9326?

The BeyondTrust Privilege Management for Windows and Mac (formerly Avecto Defendpoint) versions 5.1 to 5.5 before 5.5 SR1 contain a vulnerability that mishandles command-line arguments when PowerShell .ps1 file extensions are present. This issue can lead to an unintended crash of the DefendpointService.exe process, potentially impacting the security and functionality of the application.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-9326 : Command-Line Argument Mismanagement in BeyondTrust Privilege Management for Windows and Mac