Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Remote Support (RS) by BeyondTrust

    CVE-2023-4310 (GCVE-0-2023-4310)

    Vulnerability from nvd – Published: 2023-09-05 20:15 – Updated: 2024-10-01 14:58
    VLAI
    Summary
    BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Date Public
    2023-08-03 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T14:57:35.636227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T14:58:14.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access (PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.2.1"
                },
                {
                  "status": "affected",
                  "version": "23.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support (RS)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.2.1"
                },
                {
                  "status": "affected",
                  "version": "23.2.2"
                }
              ]
            }
          ],
          "datePublic": "2023-08-03T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\u003cbr\u003e"
                }
              ],
              "value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T20:15:57.824Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
            },
            {
              "url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Apply vendor patch 23.2.3."
                }
              ],
              "value": "Apply vendor patch 23.2.3."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2023-4310",
        "datePublished": "2023-09-05T20:15:57.824Z",
        "dateReserved": "2023-08-11T17:05:35.729Z",
        "dateUpdated": "2024-10-01T14:58:14.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4310 (GCVE-0-2023-4310)

    Vulnerability from cvelistv5 – Published: 2023-09-05 20:15 – Updated: 2024-10-01 14:58
    VLAI
    Summary
    BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Date Public
    2023-08-03 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T14:57:35.636227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T14:58:14.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access (PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.2.1"
                },
                {
                  "status": "affected",
                  "version": "23.2.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support (RS)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.2.1"
                },
                {
                  "status": "affected",
                  "version": "23.2.2"
                }
              ]
            }
          ],
          "datePublic": "2023-08-03T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\u003cbr\u003e"
                }
              ],
              "value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T20:15:57.824Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
            },
            {
              "url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Apply vendor patch 23.2.3."
                }
              ],
              "value": "Apply vendor patch 23.2.3."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2023-4310",
        "datePublished": "2023-09-05T20:15:57.824Z",
        "dateReserved": "2023-08-11T17:05:35.729Z",
        "dateUpdated": "2024-10-01T14:58:14.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }