CVE-2023-23632
First published: Thu Oct 12 2023(Updated: )
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BeyondTrust Privileged Remote Access | >=22.2.1<22.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this BeyondTrust Privileged Remote Access vulnerability?
The vulnerability ID for this BeyondTrust Privileged Remote Access vulnerability is CVE-2023-23632.
What is the severity of CVE-2023-23632?
The severity of CVE-2023-23632 is high (7.8).
Which versions of BeyondTrust Privileged Remote Access are affected by this vulnerability?
BeyondTrust Privileged Remote Access versions 22.2.x to 22.4.x are affected by this vulnerability.
How does this vulnerability in BeyondTrust Privileged Remote Access allow unauthorized access?
This vulnerability in BeyondTrust Privileged Remote Access allows unauthorized access by exploiting a flawed secret verification process in the BYOT shell jump sessions.
Is there a fix available for CVE-2023-23632?
Yes, it is recommended to update to a version of BeyondTrust Privileged Remote Access that is not affected by this vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/beyondtrust
- canonical/beyondtrust privileged remote access
- version/beyondtrust privileged remote access/22.2.1