Lucene search

PRIOn knowledge basePRION:CVE-2023-23632

HistoryOct 12, 2023 - 8:15 p.m.

Authentication flaw

2023-10-1220:15:00

PRIOn knowledge base

www.prio-n.com

beyondtrust

pra

authentication

flaw

vulnerable

local

bypass

secret

verification

process

byot

shell

jump

sessions

unauthorized

access

guessing

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.

CPENameOperatorVersion
privileged_remote_accessge22.2.1
privileged_remote_accesslt22.3.3

CPE	Name	Operator	Version
	privileged_remote_access	ge	22.2.1
	privileged_remote_access	lt	22.3.3

References

www.compass-security.com/fileadmin/Research/Advisories/2023_03_CSNC-2022-018_PRA_Privilege_Escalation.txt