Vulnerabilites related to beyondtrust - remote_support
Vulnerability from fkie_nvd
Published
2023-09-05 21:15
Modified
2024-11-21 08:34
Severity ?
Summary
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privileged_remote_access | 23.2.1 | |
| beyondtrust | privileged_remote_access | 23.2.2 | |
| beyondtrust | remote_support | 23.2.1 | |
| beyondtrust | remote_support | 23.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "402E7658-AAFA-41FF-A4E1-1DF4FD845BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3366D2EE-532C-4741-B32A-575E8B1A9AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:23.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FABCD6F1-8D5A-4373-83B5-9DDE81331343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:23.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E495D6D-7D56-41E6-B62A-0081AD9146BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\n"
},
{
"lang": "es",
"value": "BeyondTrust Privileged Remote Access (PRA) y Remote Support (RS) versiones 23.2.1 y 23.2.2 contienen una vulnerabilidad de inyecci\u00f3n de comandos que puede explotarse mediante una solicitud HTTP maliciosa. La explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir que un atacante remoto no autenticado ejecute comandos del sistema operativo subyacente dentro del contexto del usuario del sitio. Este problema se solucion\u00f3 en la versi\u00f3n 23.2.3.\n"
}
],
"id": "CVE-2023-4310",
"lastModified": "2024-11-21T08:34:49.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T21:15:47.537",
"references": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
}
],
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-26 18:29
Modified
2024-11-21 03:28
Severity ?
Summary
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1039679 | Issue Tracking, Release Notes, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.vsecurity.com/download/advisories/20171026-1.txt | Issue Tracking, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039679 | Issue Tracking, Release Notes, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vsecurity.com/download/advisories/20171026-1.txt | Issue Tracking, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | remote_support | 15.2.1 | |
| beyondtrust | remote_support | 15.2.2 | |
| beyondtrust | remote_support | 16.1.1 | |
| beyondtrust | remote_support | 16.1.2 | |
| beyondtrust | remote_support | 16.1.3 | |
| beyondtrust | remote_support | 16.1.4 | |
| beyondtrust | remote_support | 16.2.1 | |
| beyondtrust | remote_support | 16.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:15.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1363EEB2-56F2-44C4-BAFA-24C3AC2B4F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:15.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE44DBD-8640-4865-86F3-96606753C48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:16.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C952A3D0-FC19-4EAF-8718-23C5D7573842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:16.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF00A6B7-0A0B-40C2-9B8D-95029EBF26C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:16.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "12372348-DDE7-4B20-AEF4-E15F2C8B1809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:16.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6BABD5-F669-4F2B-8CB4-7CC2B51C317B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:16.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA76DE81-E01A-4588-ACF9-5FEECED40D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:16.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "966A2B1D-DB15-4253-A74B-B788F33C3373",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\\ProgramData permissions."
},
{
"lang": "es",
"value": "El agente en Bomgar Remote Support en versiones 15.2.x anteriores a la 15.2.3, las 16.1.x anteriores a la 16.1.5, y las 16.2.x anteriores a la 16.2.4 permite el secuestro de DLL debido al uso de permisos %SYSTEMDRIVE%\\ProgramData d\u00e9biles."
}
],
"id": "CVE-2017-5996",
"lastModified": "2024-11-21T03:28:51.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-26T18:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Release Notes",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039679"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.vsecurity.com/download/advisories/20171026-1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Release Notes",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.vsecurity.com/download/advisories/20171026-1.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-18 21:15
Modified
2025-01-14 16:10
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 13061848-ea10-403d-bd75-c83a022c2891 | https://nvd.nist.gov/vuln/detail/CVE-2024-12686 | Third Party Advisory, US Government Resource | |
| 13061848-ea10-403d-bd75-c83a022c2891 | https://www.beyondtrust.com/trust-center/security-advisories/bt24-11 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privileged_remote_access | * | |
| beyondtrust | remote_support | * |
{
"cisaActionDue": "2025-02-03",
"cisaExploitAdd": "2025-01-13",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D402E4B5-D3EA-4AD1-8954-92FB6A873906",
"versionEndIncluding": "24.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0D0CD2-E8CE-40B6-B8F0-2FB1A98DA3F8",
"versionEndIncluding": "24.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en Privileged Remote Access (PRA) y Remote Support (RS) que puede permitir que un atacante con privilegios administrativos existentes inyecte comandos y se ejecute como un usuario del sitio."
}
],
"id": "CVE-2024-12686",
"lastModified": "2025-01-14T16:10:03.853",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-18T21:15:08.020",
"references": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12686"
},
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11"
}
],
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-17 05:15
Modified
2025-02-17 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 13061848-ea10-403d-bd75-c83a022c2891 | https://nvd.nist.gov/vuln/detail/CVE-2024-12356 | Third Party Advisory, US Government Resource | |
| 13061848-ea10-403d-bd75-c83a022c2891 | https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 | Vendor Advisory | |
| 13061848-ea10-403d-bd75-c83a022c2891 | https://www.cve.org/CVERecord?id=CVE-2024-12356 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privileged_remote_access | * | |
| beyondtrust | remote_support | * |
{
"cisaActionDue": "2024-12-27",
"cisaExploitAdd": "2024-12-19",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability ",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D402E4B5-D3EA-4AD1-8954-92FB6A873906",
"versionEndIncluding": "24.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0D0CD2-E8CE-40B6-B8F0-2FB1A98DA3F8",
"versionEndIncluding": "24.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad cr\u00edtica en los productos Privileged Remote Access (PRA) and Remote Support (RS) que puede permitir que un atacante no autenticado inyecte comandos que se ejecutan como un usuario del sitio."
}
],
"id": "CVE-2024-12356",
"lastModified": "2025-02-17T21:15:10.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-17T05:15:06.413",
"references": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356"
},
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
},
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
}
],
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2024-12686
Vulnerability from cvelistv5
Published
2024-12-18 20:23
Modified
2025-01-13 17:20
Severity ?
EPSS score ?
Summary
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BeyondTrust | Remote Support(RS) & Privileged Remote Access(PRA) |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12686",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T15:32:45.601180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-01-13",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:20:22.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-01-13T00:00:00+00:00",
"value": "CVE-2024-12686 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "24.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-18T19:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T20:23:57.909Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12686"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection vulnerability in Remote Support(RS) \u0026 Privilege Remote Access (PRA)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-12686",
"datePublished": "2024-12-18T20:23:57.909Z",
"dateReserved": "2024-12-16T18:58:57.921Z",
"dateUpdated": "2025-01-13T17:20:22.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-12356
Vulnerability from cvelistv5
Published
2024-12-17 04:29
Modified
2025-02-17 20:34
Severity ?
EPSS score ?
Summary
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | BeyondTrust | Remote Support |
Version: 0 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12356",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T18:04:49.357119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-12-19",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T23:20:22.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-12-19T00:00:00+00:00",
"value": "CVE-2024-12356 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-17T20:34:17.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Support",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "24.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Privileged Remote Access",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "24.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-17T04:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T19:35:07.022Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability in Remote Support(RS) \u0026 Privileged Remote Access (PRA)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-12356",
"datePublished": "2024-12-17T04:29:07.883Z",
"dateReserved": "2024-12-08T18:31:21.494Z",
"dateUpdated": "2025-02-17T20:34:17.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5996
Vulnerability from cvelistv5
Published
2017-10-26 18:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vsecurity.com/download/advisories/20171026-1.txt | x_refsource_MISC | |
| http://www.securitytracker.com/id/1039679 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vsecurity.com/download/advisories/20171026-1.txt"
},
{
"name": "1039679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\\ProgramData permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-28T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vsecurity.com/download/advisories/20171026-1.txt"
},
{
"name": "1039679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039679"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\\ProgramData permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vsecurity.com/download/advisories/20171026-1.txt",
"refsource": "MISC",
"url": "https://www.vsecurity.com/download/advisories/20171026-1.txt"
},
{
"name": "1039679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5996",
"datePublished": "2017-10-26T18:00:00",
"dateReserved": "2017-02-15T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4310
Vulnerability from cvelistv5
Published
2023-09-05 20:15
Modified
2024-10-01 14:58
Severity ?
EPSS score ?
Summary
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | BeyondTrust | Privileged Remote Access (PRA) |
Version: 23.2.1 Version: 23.2.2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
},
{
"tags": [
"x_transferred"
],
"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:57:35.636227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:58:14.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Privileged Remote Access (PRA)",
"vendor": "BeyondTrust",
"versions": [
{
"status": "affected",
"version": "23.2.1"
},
{
"status": "affected",
"version": "23.2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Support (RS)",
"vendor": "BeyondTrust",
"versions": [
{
"status": "affected",
"version": "23.2.1"
},
{
"status": "affected",
"version": "23.2.2"
}
]
}
],
"datePublic": "2023-08-03T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\u003cbr\u003e"
}
],
"value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T20:15:57.824Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
},
{
"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply vendor patch 23.2.3."
}
],
"value": "Apply vendor patch 23.2.3."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-4310",
"datePublished": "2023-09-05T20:15:57.824Z",
"dateReserved": "2023-08-11T17:05:35.729Z",
"dateUpdated": "2024-10-01T14:58:14.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}