CVE-2020-12615

HIGH

BeyondTrust Privilege Management <5.6 - Privilege Escalation

Title source: llm

Description

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.

References (2)

Core 2

Core References

Release Notes

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1

Vendor Advisory

https://www.beyondtrust.com/trust-center/security-advisories/bt22-07

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 12.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

beyondtrust/privilege_management_for_windows 5.6

beyondtrust/privilege_management_for_windows < 5.6

Published Dec 12, 2023

Tracked Since Feb 18, 2026