Vulnerability Description
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beyondtrust | Privileged Remote Access | 23.2.1 |
| Beyondtrust | Remote Support | 23.2.1 |
Related Weaknesses (CWE)
References
- https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=K
- https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-pr
- https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=K
- https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-pr
FAQ
What is CVE-2023-4310?
CVE-2023-4310 is a vulnerability with a CVSS score of 9.8 (CRITICAL). BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Success...
How severe is CVE-2023-4310?
CVE-2023-4310 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-4310?
Check the references section above for vendor advisories and patch information. Affected products include: Beyondtrust Privileged Remote Access, Beyondtrust Remote Support.