CVE-2020-12613 : Security Advisory and Response

BeyondTrust Privilege Management for Windows through 5.6 allows an attacker to retain access and permissions after a process elevation.

Understanding CVE-2020-12613

An issue in BeyondTrust Privilege Management for Windows allows an attacker to maintain access privileges post-process elevation.

What is CVE-2020-12613?

The vulnerability in BeyondTrust Privilege Management for Windows enables an attacker to retain access and permissions even after a process elevation by Avecto.

The Impact of CVE-2020-12613

This vulnerability can lead to unauthorized access and potential misuse of elevated privileges, posing a significant security risk to affected systems.

Technical Details of CVE-2020-12613

BeyondTrust Privilege Management for Windows through version 5.6 is susceptible to this privilege escalation vulnerability.

Vulnerability Description

An attacker can spawn a process with multiple users in the security token pre-Avecto elevation.
Avecto elevation removes the launching user but not the second user, allowing the second user to retain access.

Affected Systems and Versions

Vendor: BeyondTrust
Product: Privilege Management for Windows
Versions affected: Through 5.6

Exploitation Mechanism

The attacker can exploit this vulnerability by spawning a process with multiple users in the security token before Avecto elevation, enabling the retention of access post-elevation.

Mitigation and Prevention

Immediate Steps to Take:

Update BeyondTrust Privilege Management for Windows to the latest version.
Monitor and restrict user permissions to minimize the impact of unauthorized access. Long-Term Security Practices:
Implement the principle of least privilege to restrict user access rights.
Conduct regular security audits and penetration testing to identify and address vulnerabilities. Patch and Updates:
Apply security patches and updates provided by BeyondTrust to mitigate the CVE-2020-12613 vulnerability.