CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries
1,619
Ransomware Use
327
Overdue
1,615
Vendors
266
Products
655
3 results · Page 1/1
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
BeyondTrust · Remote Support (RS) and Privileged Remote Access (PRA)
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
BeyondTrust · Privileged Remote Access (PRA) and Remote Support (RS)
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
BeyondTrust · Privileged Remote Access (PRA) and Remote Support (RS)
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
