CVE-2022-25625: Symantec Privileged Access Management Privilege Escalation

The researcher from cyber security company RAS-IT, Nikola Kojichas discovered a critical security vulnerability in the Symantec Privileged Access Management (PAM) that allows a remote attacker to gain elevated privileges on the system.

Symantec Privileged Access Management (PAM) is designed to prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and recording privileged user activity across virtual, cloud, and physical environments. The solution provides a privileged credential vault, session recording, threat analytics, host-based access control for mission-critical servers, and application-to-application password management to address non-human actors, such as applications, configuration files, and scripts.

Privileged Access Management (PAM) helps to prevent data breaches by safeguarding users with special access. It applies an extra layer of protection to these accounts and stops unauthorized users from accessing restricted environments.

Track as CVE-2022-25625 (CVSS score 9.9), the bug has been assigned a critical severity rating. “A malicious PAM unauthorized user can access the PAM configuration endpoints with the read and write permissions when multi-factor authentication (MFA) is enabled, which they might not otherwise be authorized to access,” read the security advisory.

By sending a specially crafted request, an attacker could exploit the CVE-2022-25625 flaw to gain elevated privileges on the affected system.