Vulnerability Monitor

CVE-2023-4310


BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.


Published

2023-09-05T21:15:47.537

Last Modified

2024-11-21T08:34:49.993

Status

Modified

Source

9119a7d8-5eab-497f-8521-727c672e3725

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-77
  • Type: Primary
    CWE-77

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | beyondtrust | privileged_remote_access | 23.2.1 | Yes |
| Application | beyondtrust | privileged_remote_access | 23.2.2 | Yes |
| Application | beyondtrust | remote_support | 23.2.1 | Yes |
| Application | beyondtrust | remote_support | 23.2.2 | Yes |

References