CVE-2023-4310: Command Injection
First published: Tue Sep 05 2023(Updated: )
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
Credit: cve@mitre.org 9119a7d8-5eab-497f-8521-727c672e3725
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BeyondTrust Privileged Remote Access | =23.2.1 | |
| BeyondTrust Privileged Remote Access | =23.2.2 | |
| Beyondtrust Remote Support | =23.2.1 | |
| Beyondtrust Remote Support | =23.2.2 | |
| =23.2.1 | ||
| =23.2.2 | ||
| =23.2.1 | ||
| =23.2.2 |
Remedy
Apply vendor patch 23.2.3.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 vulnerability?
The vulnerability ID for this BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 vulnerability is CVE-2023-4310.
What is the severity of CVE-2023-4310?
The severity of CVE-2023-4310 is critical with a CVSS score of 9.8.
What software versions are affected by CVE-2023-4310?
BeyondTrust Privileged Remote Access (PRA) version 23.2.1 and 23.2.2, and BeyondTrust Remote Support (RS) version 23.2.1 and 23.2.2 are affected by CVE-2023-4310.
What is the vulnerability description of CVE-2023-4310?
CVE-2023-4310 is a command injection vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 that can be exploited through a malicious HTTP request, allowing an unauthenticated remote attacker to execute arbitrary code.
Are there any references available for CVE-2023-4310?
Yes, you can find references for CVE-2023-4310 [here](https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207) and [here](https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access).
- collector/nvd-index
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/beyondtrust
- canonical/beyondtrust privileged remote access
- version/beyondtrust privileged remote access/23.2.1
- version/beyondtrust privileged remote access/23.2.2
- canonical/beyondtrust remote support
- version/beyondtrust remote support/23.2.1
- version/beyondtrust remote support/23.2.2