CVE-2023-4310

CVE Database · CVE-2023-4310

CVE-2023-4310

· CRITICALModified

CVSS v3.1

9.8

EPSS

1.41%

Published

Sep 5, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77CWE-77

Affected Products (4)

beyondtrust · privileged_remote_accessvulnerable

beyondtrust · remote_supportvulnerable

References (4)

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207

https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207

https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access

KEV Catalog EPSS Scores Vendors All CVEs