Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
33 vulnerabilities by beyondtrust
CVE-2026-1731 (GCVE-0-2026-1731)
Vulnerability from cvelistv5 – Published: 2026-02-06 21:49 – Updated: 2026-02-26 15:04Title
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Summary
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Severity
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://beyondtrustcorp.service-now.com/csm?id=cs… | |
| https://www.beyondtrust.com/trust-center/security… | |
| https://github.com/win3zz/CVE-2026-1731 | exploit |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
| https://www.greynoise.io/blog/reconnaissance-beyo… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Remote Support(RS) & Privileged Remote Access(PRA) |
Affected:
0 , ≤ RS 25.3.1
(custom)
Affected: 0 , ≤ PRA 24.3.4 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1731",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-14T04:55:25.328322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:15.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/win3zz/CVE-2026-1731"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-13T00:00:00.000Z",
"value": "CVE-2026-1731 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "RS 25.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "PRA 24.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T21:49:20.844Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article\u0026sysparm_article=KB0023293"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2026-1731",
"datePublished": "2026-02-06T21:49:20.844Z",
"dateReserved": "2026-01-31T23:54:56.922Z",
"dateUpdated": "2026-02-26T15:04:15.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1232 (GCVE-0-2026-1232)
Vulnerability from cvelistv5 – Published: 2026-02-02 16:18 – Updated: 2026-02-02 16:35
VLAI
Title
Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows
Summary
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privilege management for Windows |
Affected:
0 , ≤ 25.7
(cpe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T16:35:19.653452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:35:48.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Privilege management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "25.7",
"status": "affected",
"version": "0",
"versionType": "cpe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions \u0026lt;=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.\u003c/span\u003e"
}
],
"value": "A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions \u003c=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:18:47.242Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-01"
},
{
"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0023100"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2026-1232",
"datePublished": "2026-02-02T16:18:47.242Z",
"dateReserved": "2026-01-20T15:30:42.757Z",
"dateUpdated": "2026-02-02T16:35:48.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6250 (GCVE-0-2025-6250)
Vulnerability from cvelistv5 – Published: 2025-07-28 15:40 – Updated: 2025-07-28 17:22
VLAI
Title
Privilege Management for Windows - Elevation of Privilege
Summary
Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Affected:
0 , < <25.4.270
(cpe)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:22:35.364250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:22:45.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "\u003c25.4.270",
"status": "affected",
"version": "0",
"versionType": "cpe"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "MSG Systems AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.\u0026nbsp;"
}
],
"value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:40:28.381Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"
}
],
"source": {
"advisory": "bt25-06",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows - Elevation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-6250",
"datePublished": "2025-07-28T15:40:28.381Z",
"dateReserved": "2025-06-18T18:48:28.860Z",
"dateUpdated": "2025-07-28T17:22:45.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2297 (GCVE-0-2025-2297)
Vulnerability from cvelistv5 – Published: 2025-07-28 15:40 – Updated: 2025-07-28 17:22
VLAI
Title
Privilege Management for Windows - Elevation of Privilege
Summary
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Affected:
0 , < <25.4.270
(cpe)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:22:05.722414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:22:18.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "\u003c25.4.270",
"status": "affected",
"version": "0",
"versionType": "cpe"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Lukasz Piotrowski"
},
{
"lang": "en",
"type": "reporter",
"value": "Marius Kotlarz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.\u003cbr\u003e"
}
],
"value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:40:14.633Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-05"
}
],
"source": {
"advisory": "BT25-05",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows - Elevation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-2297",
"datePublished": "2025-07-28T15:40:14.633Z",
"dateReserved": "2025-03-13T21:22:29.654Z",
"dateUpdated": "2025-07-28T17:22:18.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5309 (GCVE-0-2025-5309)
Vulnerability from cvelistv5 – Published: 2025-06-16 16:06 – Updated: 2026-02-26 17:50
VLAI
Title
Remote Support & Privileged Remote Access server side template injection
Summary
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Remote support & Privileged Remote Access |
Affected:
24.2.2 , ≤ 24.2.4
(custom)
Affected: 24.3.1 , ≤ 24.3.3 (custom) Affected: 25.1.1 (custom) |
|
| BeyondTrust | Remote Support(RS) & Privileged Remote Access(PRA) |
Affected:
24.2.2 , ≤ 24.2.4
(custom)
Affected: 24.3.1 , ≤ 24.3.4 (custom) Affected: 25.1.1 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-19T03:55:07.428165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:35.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote support \u0026 Privileged Remote Access",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "24.2.4",
"status": "affected",
"version": "24.2.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "24.3.3",
"status": "affected",
"version": "24.3.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "25.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "24.2.4",
"status": "affected",
"version": "24.2.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.3.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "25.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jorren Geurts of Resillion"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T23:11:53.479Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Support \u0026 Privileged Remote Access server side template injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-5309",
"datePublished": "2025-06-16T16:06:14.413Z",
"dateReserved": "2025-05-28T17:50:50.656Z",
"dateUpdated": "2026-02-26T17:50:35.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0217 (GCVE-0-2025-0217)
Vulnerability from cvelistv5 – Published: 2025-05-05 17:00 – Updated: 2025-11-03 19:35
VLAI
Title
Privileged Remote Access Authentication Bypass
Summary
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privileged Remote Access |
Affected:
0 , < 25.1.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T17:14:56.030570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:15:02.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:35:05.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Privileged Remote Access",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "25.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paul Szabo of the University of Sydney"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions."
}
],
"value": "BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:00:05.244Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privileged Remote Access Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-0217",
"datePublished": "2025-05-05T17:00:05.244Z",
"dateReserved": "2025-01-03T22:06:31.577Z",
"dateUpdated": "2025-11-03T19:35:05.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0889 (GCVE-0-2025-0889)
Vulnerability from cvelistv5 – Published: 2025-02-26 01:41 – Updated: 2025-02-26 15:43
VLAI
Title
Privilege Management for Windows – Elevation of Privilege
Summary
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Affected:
0 , < 25.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:46:53.686658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:43:14.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "25.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.\u0026nbsp;"
}
],
"value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T01:41:25.407Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-01"
}
],
"source": {
"advisory": "https://www.beyondtrust.com/trust-center/security-advisories/bt2",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows \u2013 Elevation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-0889",
"datePublished": "2025-02-26T01:41:25.407Z",
"dateReserved": "2025-01-30T17:52:42.202Z",
"dateUpdated": "2025-02-26T15:43:14.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12686 (GCVE-0-2024-12686)
Vulnerability from cvelistv5 – Published: 2024-12-18 20:23 – Updated: 2025-10-21 22:55Title
Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
Summary
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
Severity
6.6 (Medium)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Remote Support(RS) & Privileged Remote Access(PRA) |
Affected:
0 , ≤ 24.3.1
(custom)
|
Date Public
2024-12-18 19:41
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12686",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T15:32:45.601180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-01-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:34.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-13T00:00:00.000Z",
"value": "CVE-2024-12686 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "24.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-18T19:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T20:23:57.909Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12686"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection vulnerability in Remote Support(RS) \u0026 Privilege Remote Access (PRA)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-12686",
"datePublished": "2024-12-18T20:23:57.909Z",
"dateReserved": "2024-12-16T18:58:57.921Z",
"dateUpdated": "2025-10-21T22:55:34.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12356 (GCVE-0-2024-12356)
Vulnerability from cvelistv5 – Published: 2024-12-17 04:29 – Updated: 2025-10-21 22:55Title
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
Summary
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Remote Support |
Affected:
0 , ≤ 24.3.1
(custom)
|
|
| BeyondTrust | Privileged Remote Access |
Affected:
0 , ≤ 24.3.1
(custom)
|
Date Public
2024-12-17 04:28
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12356",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T18:04:49.357119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-12-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:34.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-19T00:00:00.000Z",
"value": "CVE-2024-12356 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-17T20:34:17.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Support",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "24.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Privileged Remote Access",
"vendor": "BeyondTrust",
"versions": [
{
"lessThanOrEqual": "24.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-12-17T04:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T19:35:07.022Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability in Remote Support(RS) \u0026 Privileged Remote Access (PRA)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-12356",
"datePublished": "2024-12-17T04:29:07.883Z",
"dateReserved": "2024-12-08T18:31:21.494Z",
"dateUpdated": "2025-10-21T22:55:34.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9110 (GCVE-0-2024-9110)
Vulnerability from cvelistv5 – Published: 2024-10-30 16:57 – Updated: 2024-11-01 19:39
VLAI
Title
Cross-Site Scripting In Privileged Identity
Summary
A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privileged Identity |
Affected:
0 , < 7.4.2
(custom)
|
|
| beyondtrust | privileged_identity |
Affected:
0 , < 7.4.2
(custom)
cpe:2.3:a:beyondtrust:privileged_identity:*:*:*:*:*:*:*:* |
Date Public
2024-10-30 16:32
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beyondtrust:privileged_identity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "privileged_identity",
"vendor": "beyondtrust",
"versions": [
{
"lessThan": "7.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9110",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T17:26:50.357222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T17:32:37.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Privileged Identity",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "7.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonathan Birch (jobirch@exchange.microsoft.com)"
}
],
"datePublic": "2024-10-30T16:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks."
}
],
"value": "A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T19:39:41.922Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-09"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting In Privileged Identity",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-9110",
"datePublished": "2024-10-30T16:57:39.549Z",
"dateReserved": "2024-09-23T17:45:22.394Z",
"dateUpdated": "2024-11-01T19:39:41.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5812 (GCVE-0-2024-5812)
Vulnerability from cvelistv5 – Published: 2024-06-11 15:41 – Updated: 2024-08-01 21:25
VLAI
Title
Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe
Summary
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | BeyondInsight PasswordSafe |
Affected:
24.1.0 , < 24.1.1
(custom)
Affected: 23.3.0 , < 23.3.0.959 (custom) Affected: 23.2.0 , < 23.2.0.1293 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:53:32.772452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T17:54:07.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:02.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BeyondInsight PasswordSafe",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "24.1.1",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
},
{
"lessThan": "23.3.0.959",
"status": "affected",
"version": "23.3.0",
"versionType": "custom"
},
{
"lessThan": "23.2.0.1293",
"status": "affected",
"version": "23.2.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T15:41:13.496Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-5812",
"datePublished": "2024-06-11T15:41:13.496Z",
"dateReserved": "2024-06-10T19:32:48.176Z",
"dateUpdated": "2024-08-01T21:25:02.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5813 (GCVE-0-2024-5813)
Vulnerability from cvelistv5 – Published: 2024-06-11 15:34 – Updated: 2024-08-01 21:25
VLAI
Title
SSH Private Key Leak in BeyondInsight PasswordSafe
Summary
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | BeyondInsight PasswordSafe |
Affected:
23.3 , < 23.3.0.929
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T16:51:05.940606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T16:51:18.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:02.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BeyondInsight PasswordSafe",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "23.3.0.929",
"status": "affected",
"version": "23.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response."
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T15:34:57.818Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SSH Private Key Leak in BeyondInsight PasswordSafe",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-5813",
"datePublished": "2024-06-11T15:34:57.818Z",
"dateReserved": "2024-06-10T19:32:51.897Z",
"dateUpdated": "2024-08-01T21:25:02.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4220 (GCVE-0-2024-4220)
Vulnerability from cvelistv5 – Published: 2024-06-04 20:13 – Updated: 2024-08-01 20:33
VLAI
Title
Information Disclosure in BeyondInsight
Summary
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | BeyondInsight |
Affected:
0 , < 23.1
(custom)
|
Date Public
2024-06-04 20:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T14:30:21.504964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T14:30:28.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:53.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/BT24-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit",
"32 bit"
],
"product": "BeyondInsight",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Caminati"
},
{
"lang": "en",
"type": "finder",
"value": "Daniele Montanaro"
}
],
"datePublic": "2024-06-04T20:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nPrior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames.\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:13:11.522Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/BT24-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in BeyondInsight",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-4220",
"datePublished": "2024-06-04T20:13:11.522Z",
"dateReserved": "2024-04-25T21:45:48.412Z",
"dateUpdated": "2024-08-01T20:33:53.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4219 (GCVE-0-2024-4219)
Vulnerability from cvelistv5 – Published: 2024-06-04 20:08 – Updated: 2024-08-01 20:33
VLAI
Title
SSRF In BeyondInsight
Summary
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | BeyondInsight |
Affected:
0 , < 23.2
(custom)
|
Date Public
2024-06-04 19:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T14:07:47.780311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:58.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/BT24-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit",
"32 bit"
],
"product": "BeyondInsight",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "23.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Caminati"
},
{
"lang": "en",
"type": "finder",
"value": "Daniele Montanaro"
}
],
"datePublic": "2024-06-04T19:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nPrior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:13:33.046Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/BT24-05"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SSRF In BeyondInsight",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-4219",
"datePublished": "2024-06-04T20:08:29.514Z",
"dateReserved": "2024-04-25T21:45:38.683Z",
"dateUpdated": "2024-08-01T20:33:52.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4017 (GCVE-0-2024-4017)
Vulnerability from cvelistv5 – Published: 2024-04-19 20:40 – Updated: 2024-08-01 20:26
VLAI
Title
Privilege Escalation in U-Series Appliance
Summary
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | U-Series Appliance |
Affected:
3.4 , < 4.0.3
(custom)
|
|
| beyondtrust | u-series_appliance |
Affected:
3.4 , < 4.0.3
(custom)
cpe:2.3:a:beyondtrust:u-series_appliance:*:*:*:*:*:*:*:* |
Date Public
2024-04-19 20:38
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beyondtrust:u-series_appliance:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "u-series_appliance",
"vendor": "beyondtrust",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "3.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T18:49:31.988847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:35.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/docs/release-notes/u-series-appliance/bt-appliance-u-series-software-4-0-3.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"platforms": [
"Windows",
"64 bit"
],
"product": "U-Series Appliance",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "3.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Caminati"
},
{
"lang": "en",
"type": "finder",
"value": "Daniele Montanaro"
}
],
"datePublic": "2024-04-19T20:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.\u003cp\u003eThis issue affects U-Series Appliance: from 3.4 before 4.0.3.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-641",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-641 DLL Side-Loading"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T20:40:25.256Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/docs/release-notes/u-series-appliance/bt-appliance-u-series-software-4-0-3.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in U-Series Appliance",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-4017",
"datePublished": "2024-04-19T20:40:25.256Z",
"dateReserved": "2024-04-19T20:23:21.302Z",
"dateUpdated": "2024-08-01T20:26:57.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4018 (GCVE-0-2024-4018)
Vulnerability from cvelistv5 – Published: 2024-04-19 20:29 – Updated: 2024-08-01 20:26
VLAI
Title
Privilege Escalation in U-Series Appliance
Summary
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | U-Series Appliance |
Affected:
3.4 , < 4.0.3
(custom)
|
|
| beyondtrust | u-series_appliance |
Affected:
3.4
cpe:2.3:a:beyondtrust:u-series_appliance:3.4-4.0.3:*:*:*:*:*:*:* |
Date Public
2024-04-19 20:25
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beyondtrust:u-series_appliance:3.4-4.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "u-series_appliance",
"vendor": "beyondtrust",
"versions": [
{
"status": "affected",
"version": "3.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T16:48:14.841210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:53:25.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/docs/release-notes/u-series-appliance/bt-appliance-u-series-software-4-0-3.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"local appliance api"
],
"platforms": [
"Windows",
"64 bit"
],
"product": "U-Series Appliance",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "4.0.3",
"status": "affected",
"version": "3.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Caminati"
},
{
"lang": "en",
"type": "finder",
"value": "Daniele Montanaro"
}
],
"datePublic": "2024-04-19T20:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.\u003cp\u003eThis issue affects U-Series Appliance: from 3.4 before 4.0.3.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T20:40:47.336Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/docs/release-notes/u-series-appliance/bt-appliance-u-series-software-4-0-3.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in U-Series Appliance",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-4018",
"datePublished": "2024-04-19T20:29:19.626Z",
"dateReserved": "2024-04-19T20:24:20.448Z",
"dateUpdated": "2024-08-01T20:26:57.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1591 (GCVE-0-2024-1591)
Vulnerability from cvelistv5 – Published: 2024-02-16 18:54 – Updated: 2024-08-01 18:48
VLAI
Title
Privilege Management for Windows < 24.1 Information Leak
Summary
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Affected:
1 , < 24.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-18T00:44:16.042553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:12.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:20.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "24.1",
"status": "affected",
"version": "1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues."
}
],
"value": "Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T18:54:33.382Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-02"
}
],
"source": {
"advisory": "BT24-02",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows \u003c 24.1 Information Leak",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-1591",
"datePublished": "2024-02-16T18:54:33.382Z",
"dateReserved": "2024-02-16T17:32:29.581Z",
"dateUpdated": "2024-08-01T18:48:20.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25083 (GCVE-0-2024-25083)
Vulnerability from cvelistv5 – Published: 2024-02-16 00:00 – Updated: 2024-08-28 15:31
VLAI
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows |
Affected:
0 , < 24.1
(custom)
cpe:2.3:a:beyondtrust:privilege_management_for_windows:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beyondtrust:privilege_management_for_windows:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "privilege_management_for_windows",
"vendor": "beyondtrust",
"versions": [
{
"lessThan": "24.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:36:28.397473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:31:10.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T21:13:55.222Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25083",
"datePublished": "2024-02-16T00:00:00.000Z",
"dateReserved": "2024-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-28T15:31:10.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49944 (GCVE-0-2023-49944)
Vulnerability from cvelistv5 – Published: 2023-12-25 00:00 – Updated: 2024-08-02 22:09
VLAI
Summary
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-25T08:02:37.880Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/security"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49944",
"datePublished": "2023-12-25T00:00:00.000Z",
"dateReserved": "2023-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-02T22:09:49.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28369 (GCVE-0-2020-28369)
Vulnerability from cvelistv5 – Published: 2023-12-12 00:00 – Updated: 2024-08-04 16:33
VLAI
Summary
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/privilege-management/windows-mac"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\\Temp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T14:54:01.302Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/privilege-management/windows-mac"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28369",
"datePublished": "2023-12-12T00:00:00.000Z",
"dateReserved": "2020-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:59.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12615 (GCVE-0-2020-12615)
Vulnerability from cvelistv5 – Published: 2023-12-12 00:00 – Updated: 2024-08-28 16:30
VLAI
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-269 - Improper Privilege Management
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T16:28:52.996108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:30:49.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T12:55:53.364Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12615",
"datePublished": "2023-12-12T00:00:00.000Z",
"dateReserved": "2020-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-28T16:30:49.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12614 (GCVE-0-2020-12614)
Vulnerability from cvelistv5 – Published: 2023-12-12 00:00 – Updated: 2024-08-04 12:04
VLAI
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows |
Affected:
0 , ≤ 5.6
(custom)
cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "privilege_management_for_windows",
"vendor": "beyondtrust",
"versions": [
{
"lessThanOrEqual": "5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-12614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T20:26:25.299399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T20:26:28.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T14:19:45.920Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12614",
"datePublished": "2023-12-12T00:00:00.000Z",
"dateReserved": "2020-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:04:21.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12612 (GCVE-0-2020-12612)
Vulnerability from cvelistv5 – Published: 2023-12-12 00:00 – Updated: 2024-08-04 12:04
VLAI
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T13:24:20.366Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12612",
"datePublished": "2023-12-12T00:00:00.000Z",
"dateReserved": "2020-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:04:21.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12613 (GCVE-0-2020-12613)
Vulnerability from cvelistv5 – Published: 2023-12-11 00:00 – Updated: 2024-08-04 12:04
VLAI
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-11T21:57:24.386Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12613",
"datePublished": "2023-12-11T00:00:00.000Z",
"dateReserved": "2020-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:04:21.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3187 (GCVE-0-2021-3187)
Vulnerability from cvelistv5 – Published: 2023-12-11 00:00 – Updated: 2025-05-27 14:50
VLAI
Summary
An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-276 - Incorrect Default Permissions
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:48:15.683595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:50:21.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-11T22:28:02.851Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3187",
"datePublished": "2023-12-11T00:00:00.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2025-05-27T14:50:21.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23632 (GCVE-0-2023-23632)
Vulnerability from cvelistv5 – Published: 2023-10-12 00:00 – Updated: 2025-11-03 19:27
VLAI
Summary
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privileged_remote_access |
Affected:
22.2x , ≤ 22.4x
(custom)
cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:59.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_03_CSNC-2022-018_PRA_Privilege_Escalation.txt"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/1"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "privileged_remote_access",
"vendor": "beyondtrust",
"versions": [
{
"lessThanOrEqual": "22.4x",
"status": "affected",
"version": "22.2x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23632",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:28:47.747173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:30:44.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T19:56:30.058Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_03_CSNC-2022-018_PRA_Privilege_Escalation.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-23632",
"datePublished": "2023-10-12T00:00:00.000Z",
"dateReserved": "2023-01-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:59.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4310 (GCVE-0-2023-4310)
Vulnerability from cvelistv5 – Published: 2023-09-05 20:15 – Updated: 2024-10-01 14:58
VLAI
Summary
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privileged Remote Access (PRA) |
Affected:
23.2.1
Affected: 23.2.2 |
|
| BeyondTrust | Remote Support (RS) |
Affected:
23.2.1
Affected: 23.2.2 |
Date Public
2023-08-03 10:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
},
{
"tags": [
"x_transferred"
],
"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:57:35.636227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:58:14.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Privileged Remote Access (PRA)",
"vendor": "BeyondTrust",
"versions": [
{
"status": "affected",
"version": "23.2.1"
},
{
"status": "affected",
"version": "23.2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Support (RS)",
"vendor": "BeyondTrust",
"versions": [
{
"status": "affected",
"version": "23.2.1"
},
{
"status": "affected",
"version": "23.2.2"
}
]
}
],
"datePublic": "2023-08-03T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\u003cbr\u003e"
}
],
"value": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T20:15:57.824Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"url": "https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"
},
{
"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0020207"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply vendor patch 23.2.3."
}
],
"value": "Apply vendor patch 23.2.3."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-4310",
"datePublished": "2023-09-05T20:15:57.824Z",
"dateReserved": "2023-08-11T17:05:35.729Z",
"dateUpdated": "2024-10-01T14:58:14.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31589 (GCVE-0-2021-31589)
Vulnerability from cvelistv5 – Published: 2022-01-05 11:26 – Updated: 2024-08-03 23:03
VLAI
Summary
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.beyondtrust.com/docs/release-notes/in… | x_refsource_MISC |
| http://packetstormsecurity.com/files/165408/Beyon… | x_refsource_MISC |
| https://cxsecurity.com/issue/WLB-2022010013 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.beyondtrust.com/docs/release-notes/index.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2022010013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T11:34:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.beyondtrust.com/docs/release-notes/index.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2022010013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.beyondtrust.com/docs/release-notes/index.htm",
"refsource": "MISC",
"url": "https://www.beyondtrust.com/docs/release-notes/index.htm"
},
{
"name": "http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html"
},
{
"name": "https://cxsecurity.com/issue/WLB-2022010013",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2022010013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31589",
"datePublished": "2022-01-05T11:26:49.000Z",
"dateReserved": "2021-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:03:33.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42254 (GCVE-0-2021-42254)
Vulnerability from cvelistv5 – Published: 2021-11-19 18:04 – Updated: 2024-08-04 03:30
VLAI
Summary
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.beyondtrust.com/blog | x_refsource_MISC |
| https://github.com/mandiant/Vulnerability-Disclos… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:37.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.beyondtrust.com/blog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T18:04:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.beyondtrust.com/blog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.beyondtrust.com/blog",
"refsource": "MISC",
"url": "https://www.beyondtrust.com/blog"
},
{
"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md",
"refsource": "MISC",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42254",
"datePublished": "2021-11-19T18:04:10.000Z",
"dateReserved": "2021-10-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:30:37.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3156 (GCVE-0-2021-3156)
Vulnerability from cvelistv5 – Published: 2021-01-26 00:00 – Updated: 2025-10-21 23:35Summary
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-193 - Off-by-one Error
Assigner
References
35 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
},
{
"name": "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/79"
},
{
"name": "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"name": "DSA-4839",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"name": "FEDORA-2021-2cb63d912a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/"
},
{
"name": "FEDORA-2021-8840cbdccd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
},
{
"name": "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
},
{
"name": "VU#794544",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/794544"
},
{
"name": "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/42"
},
{
"name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/stable.html#1.9.5p2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212177"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
},
{
"name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3156",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T15:43:52.658146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:29.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-06T00:00:00.000Z",
"value": "CVE-2021-3156 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:41:27.031Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
},
{
"name": "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/79"
},
{
"name": "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"name": "DSA-4839",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"name": "FEDORA-2021-2cb63d912a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/"
},
{
"name": "FEDORA-2021-8840cbdccd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
},
{
"name": "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
},
{
"name": "VU#794544",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/794544"
},
{
"name": "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/42"
},
{
"name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.sudo.ws/stable.html#1.9.5p2"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
},
{
"url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html"
},
{
"url": "https://support.apple.com/kb/HT212177"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348"
},
{
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
},
{
"name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3156",
"datePublished": "2021-01-26T00:00:00.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:29.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}