CVE-2020-12613
Published: 11 December 2023
Summary
CVE-2020-12613 is a high-severity vulnerability of an unspecified weakness class in BeyondTrust Privilege Management for Windows. Its CVSS base score is 8.8 (High).
Operationally, it ranks at the 41.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-4914
Vulnerability details
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.