QwikSec

Security Database

CVE

CWE

Training

CVE-2023-4310

Published: Sep 5, 2023

Modified: Oct 1, 2024

PUBLISHED

Description

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.

Vendor	Product	Versions
BeyondTrust	Privileged Remote Access (PRA)	affected `23.2.1` affected `23.2.2`
BeyondTrust	Remote Support (RS)	affected `23.2.1` affected `23.2.2`

Weaknesses (CWE)

References

https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.