CVE-2024-1591 LOW

CVE-2024-1591: Privilege Management for Windows < 24.1 Information Leak

Vendor Beyondtrust

Product Privilege Management for Windows

Weakness CWE-200 · Info exposure

Published February 16, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

3.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.

Key dates

02Disclosure timeline

February 16, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-1591 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2024-1591

CWE CWE-200

CVSS 3.3 / LOW

Affected versions