Описание
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 25.4.270 (исключая)
cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.00012
Низкий
7.8 High
CVSS3
Дефекты
CWE-268
Связанные уязвимости
CVSS3: 7.8
github
6 месяцев назад
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
EPSS
Процентиль: 1%
0.00012
Низкий
7.8 High
CVSS3
Дефекты
CWE-268