CVE-2023-4310
Published 2023-09-05
Priority P2 (65), critical, 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.41% (69.2th percentile)
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beyondtrust | privileged_remote_access | — | — |
| beyondtrust | privileged_remote_access | — | — |
| beyondtrust | remote_support | — | — |
| beyondtrust | remote_support | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207
https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access