CVE-2023-4310

Published: Sep 5, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.

Affected (4)

Products: Beyondtrust: Privileged Remote Access, Remote Support

Beyondtrust

2 products

Privileged Remote Access

Remote Support

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Beyondtrust Privileged Remote Access	Version 23.2.1
Beyondtrust Privileged Remote Access	Version 23.2.2
Beyondtrust Remote Support	Version 23.2.1
Beyondtrust Remote Support	Version 23.2.2

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207

Source: 9119a7d8-5eab-497f-8521-727c672e3725

https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access

Source: 9119a7d8-5eab-497f-8521-727c672e3725

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.