Impact
Fortra's Core Privileged Access Manager (BoKS) contains an unmanaged OS command injection flaw in its autoregistration daemon (boks_autoregisterd). During autoregistration request processing, a remote attacker can supply crafted input that is forwarded directly to the operating system shell, allowing arbitrary commands to execute with the privileges of the daemon. Because the daemon runs with full system privileges, the flaw permits complete compromise of confidentiality, integrity, and availability of the BoKS host. The likely attack vector is over the network to the service’s default listening port, although the transport protocol is not explicitly stated—TCP is presumed due to the default port designation.
Affected Systems
The vulnerability affects all installations of Fortra Core Privileged Access Manager (BoKS) running any build older than boks-server 8.1.0.23 or 9.0.0.5. It resides in the boks_autoregisterd service, which listens on TCP port 6507 by default, and is present across all supported series prior to those patch releases.
Risk and Exploitability
The CVSS base score of 9.8 classifies the issue as critical severity. The EPSS score is below 1%, indicating that exploitation is presently rare, and it is not listed in CISA KEV. Nonetheless, exploitation requires only network reachability to the autoregistration service; no additional prerequisites are documented. Once accessed, the attacker can run system‑level commands, effectively gaining full control of the target. Due to the severe potential impact, the bug represents a high‑priority risk that must be mitigated promptly even if current exploitation rates are low.
OpenCVE Enrichment