Impact
BeyondTrust Remote Support (RS) and older editions of Privileged Remote Access (PRA) have a pre‑authentication remote code execution flaw (CWE‑78). Attackers can send specially crafted requests to the service, causing it to execute arbitrary operating system commands under the context of the site user, enabling full compromise of the host and jeopardizing confidentiality, integrity, and availability.
Affected Systems
The vulnerability affects BeyondTrust Remote Support and Privileged Remote Access. Specific version ranges are not listed in the data, so any installation of RS or older releases of PRA that considered at risk. Based on the information, it is uncertain which exact older releases un should be evaluated.
Risk and Exploitability
The CVSS score of 9.9 indicates critical severity. The EPSS score of 88% indicates a high likelihood that the vulnerability may be exploited. Based on the description, it is inferred that the attack vector is remote and requires no authentication, allowing an unauthenticated attacker to trigger the flaw over the network. The vulnerability is listed in the CISA KEV catalog.
OpenCVE Enrichment