Описание
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.6 (исключая)
Одно из
cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6:-:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00154
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-269
Связанные уязвимости
CVSS3: 7.8
github
около 2 лет назад
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.
EPSS
Процентиль: 36%
0.00154
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-269