exploitDog

CVE-2023-49944

Опубликовано: 25 дек. 2023

Источник: nvd

CVSS3: 6.7

EPSS Низкий

Описание

The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.

Ссылки

https://www.beyondtrust.com/security
Vendor Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt23-08
Vendor Advisory
https://www.beyondtrust.com/security
Vendor Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt23-08
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*

Версия до 2023-07-14 (исключая)

EPSS

Процентиль: 1%

0.00011

Низкий

6.7 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-9rg4-33x9-wfrh

CVSS3: 6.7

github

около 2 лет назад

The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.

EPSS

Процентиль: 1%

0.00011

Низкий

6.7 Medium

CVSS3

Дефекты

NVD-CWE-noinfo