CVE-2023-49944
First published: Mon Dec 25 2023(Updated: )
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <2023-07-14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-49944?
CVE-2023-49944 is considered a high severity vulnerability due to its potential exploitation by local administrators.
How do I fix CVE-2023-49944?
To fix CVE-2023-49944, upgrade BeyondTrust Privilege Management for Windows to version 2023-07-14 or later.
Who is affected by CVE-2023-49944?
CVE-2023-49944 affects users of BeyondTrust Privilege Management for Windows versions prior to 2023-07-14.
What is the impact of CVE-2023-49944?
The impact of CVE-2023-49944 allows local administrators to bypass the Challenge Response feature, compromising security.
What mitigation is in place for CVE-2023-49944?
The threat of CVE-2023-49944 is mitigated by the Agent Protection feature in BeyondTrust Privilege Management for Windows.
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/description
- agent/source
- vendor/beyondtrust
- canonical/beyondtrust privilege management for windows