What is CVE-2024-1591?

CVE-2024-1591 is a low-severity vulnerability in Beyondtrust Privilege Management For Windows, classified under Information Disclosure. CVSS score: 3.3/10. Published 2024-02-16.

How severe is CVE-2024-1591?

Low severity. CVSS v3 base score is 3.3 out of 10.

Information disclosure in Beyondtrust Privilege Management For Windows

CVE-2024-1591

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.

Vulnerability class: Information Disclosure

EPSS: 0.001 (19.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Beyondtrust Privilege Management For Windows — versions 1

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

www.beyondtrust.com/trust-center/security-advisories/bt24-02

Frequently asked questions

What is CVE-2024-1591?: CVE-2024-1591 is a low-severity vulnerability in Beyondtrust Privilege Management For Windows, classified under Information Disclosure. CVSS score: 3.3/10. Published 2024-02-16.
How severe is CVE-2024-1591?: Low severity. CVSS v3 base score is 3.3 out of 10.