20 matches found
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS). The module targets CVE-2026-1731, a direct command injection affecting RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior. Exploitation occurs with the...
Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access
BeyondTrust CVE-2026-1731 Scanner Professional Python scanner...
Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access
Security Unauthenticated Stored Cross-Site Scripting CVE-2026...
Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access
CVE-2026-1731 Blind RCE PoC Affected Versions: - Privi...
BeyondTrust Privileged Remote Access (PRA) <= 24.3.4 Pre-Authentication RCE (BT26-02)
The version of BeyondTrust Privileged Remote Access (PRA) running on the remote host is 24.3.4 or earlier. It is, therefore, potentially affected by a pre-authentication remote code execution vulnerability: - By sending specially crafted requests, an unauthenticated remote attacker may be able to...
PT-2026-6803
Name of the Vulnerable Software and Affected Versions: BeyondTrust Remote Support versions prior to 25.3.2; BeyondTrust Privileged Remote Access versions prior to 25.1.1. Description: BeyondTrust Remote Support and Privileged Remote Access contain a critical pre-authentication remote code execution...
BeyondTrust Remote Support and BeyondTrust Privileged Remote Access Security Vulnerability
BeyondTrust Remote Support and BeyondTrust Privileged Remote Access (BeyondTrust PRA) are both products of BeyondTrust Corporation, USA. BeyondTrust Remote Support is a remote desktop access, helpdesk and collaboration software for Windows, Mac, Linux, Io...
CVE-2025-0217
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions...
BeyondTrust Privileged Remote Access 24.3 Takeover
BeyondTrust Privileged Remote Access (PRA) version 24.3 suffers from a privileged login takeover vulnerability due to a passwordless SSH tunnel. Details: Vendor: BeyondTrust. Product: Privileged Remote Access (PRA). Subject: PRA connection takeover...
CVE-2025-0217
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions...
CVE-2025-0217
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions...
CVE-2025-0217
BeyondTrust Privileged Remote Access (PRA) prior to version 25.1 is affected by a local authentication bypass. An authenticated local attacker can view the ShellJump session details initiated with external tools, enabling unauthorized access to connected sessions. Affected product: BeyondTrust PR...
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability,...
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user...
VulnCheck KEV: CVE-2024-12686
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to...
PT-2024-10058
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions prior to 24.3.1; PostgreSQL affected versions not specified. Description: A critical command injection vulnerability exists in BeyondTrust Privileged Remote Access PRA and...
BeyondTrust Privileged Identity Security Vulnerability
BeyondTrust Privileged Identity is an authentication program from BeyondTrust, USA. A security vulnerability exists in BeyondTrust Privileged Identity versions prior to 7.4.2 that allows an attacker to perform a reflected cross-site scripting attack...
CVE-2023-23632
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the...
BeyondTrust Privileged Remote Access and Remote Support Command Injection Vulnerability
BeyondTrust Remote Support and BeyondTrust Privileged Remote Access (BeyondTrust PRA) are both products of BeyondTrust, Inc. BeyondTrust Remote Support is a remote desktop access, helpdesk and collaborati...
PT-2023-28697 · Beyondtrust · Beyondtrust Remote Support +1
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 through 23.2.2. Description: The issue is a command injection vulnerability that can be exploited through a malicious HTTP request, allowing an unauthenticated remo...