How severe is CVE-2020-12612?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2020-12612?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2020-12612

HIGH Year: 2020

CVSS v3 Score

7.8

High

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated.

CVE-2006-4663

HIGH

CVSS:7.8(High)

The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local use...

NVD-CWE-Other2006

CVE-2006-6165

HIGH

CVSS:7.8(High)

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variabl...

NVD-CWE-Other2006

CVE-2007-0257

HIGH

CVSS:7.8(High)

Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating ...

NVD-CWE-Other2007

CVE-2009-1123

HIGH

CVSS:7.8(High)

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows ...

NVD-CWE-Other2009

CVE-2010-0188

HIGH

CVSS:7.8(High)

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unk...

NVD-CWE-Other2010

CVE-2010-0232

HIGH

CVSS:7.8(High)

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold an...

NVD-CWE-Other2010

CVE-2020-12612

Vulnerability Description

Related Vulnerabilities

CVE-2006-4663

CVE-2006-6165

CVE-2007-0257

CVE-2009-1123

CVE-2010-0188

CVE-2010-0232