CVE-2020-12615 Information

Description

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process and specifying that it runs at medium integrity with the user owning the process this security token can be stolen and applied to arbitrary processes.

Reference

https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 https://www.beyondtrust.com/trust-center/security-advisories/bt22-07