PT-2023-31416 · Beyondtrust · Beyondtrust Privilege Management For Windows
Published
2023-12-25
·
Updated
2024-01-03
·
CVE-2023-49944
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BeyondTrust Privilege Management for Windows versions prior to 2023-07-14
Description
The Challenge Response feature allows local administrators to bypass it by decrypting the shared key or locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.
Recommendations
For versions prior to 2023-07-14, ensure the Agent Protection feature is enabled to mitigate the threat.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Beyondtrust Privilege Management For Windows