BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisa-cg
Published: 2023-09-05T20:15:57.824Z
Updated: 2024-08-02T07:24:04.471Z
Reserved: 2023-08-11T17:05:35.729Z
Link: CVE-2023-4310
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-05T21:15:47.537
Modified: 2023-11-07T04:22:27.147
Link: CVE-2023-4310
Redhat
No data.