Challenge Response Bypass in BeyondTrust Privilege Management for Windows
CVE-2023-49944

6.7 MEDIUM

Key Information:

Vendor
CVE Published:
25 December 2023

What is CVE-2023-49944?

The Challenge Response feature in BeyondTrust Privilege Management for Windows before July 14, 2023, has a significant vulnerability that lets local administrators bypass the feature, either by decrypting the shared key or by reading it in plaintext from process memory. The Agent Protection feature offers some level of mitigation, but the risk still calls for immediate attention to prevent unauthorized access.

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
