Lucene search
K
BeyondtrustPrivileged Remote Access

11 matches found

CVE
CVE
added 2024/12/17 4:29 a.m.479 views

CVE-2024-12356

CVE-2024-12356 describes a critical, unauthenticated command injection vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS). The issue allows an attacker to inject commands that execute with the site user’s privileges, potentially impacting confidentiality, integrit...

9.8CVSS9.7AI score0.87991EPSS
In wildWeb
CVE
CVE
added 2026/02/06 9:49 p.m.285 views

CVE-2026-1731

CVE-2026-1731 affects BeyondTrust Remote Support (RS) and older Privileged Remote Access (PRA). It is a pre-authentication, unauthenticated remote code execution vulnerability exploitable via crafted requests, enabling code execution in the site user context. Technical details across connected do...

9.9CVSS6.6AI score0.88115EPSS
In wild
CVE
CVE
added 2024/12/18 8:23 p.m.229 views

CVE-2024-12686

CVE-2024-12686 affects BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS); it is an OS command-injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file and execute OS commands as the site user. Public sources (...

7.2CVSS6.7AI score0.13788EPSS
In wild
CVE
CVE
added 2025/06/16 4:6 p.m.73 views

CVE-2025-5309

CVE-2025-5309 affects BeyondTrust Remote Support (RS) and BeyondTrust Privileged Remote Access (PRA) with a server‑side template injection in the chat feature, leading to remote code execution. The CVSS metrics in the initial entry indicate a critical/high impact across confidentiality, integrity...

9.8CVSS7.7AI score0.00875EPSS
CVE
CVE
added 5 days ago72 views

CVE-2026-40138

CVE-2026-40138 is a critical pre-authentication vulnerability in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. The underlying issue is improper validation of authentication data, which could let a network-positioned attacker bypass access controls and ga...

9.2CVSS6AI score0.00417EPSS
CVE
CVE
added 2025/05/05 5:0 p.m.57 views

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) prior to version 25.1 is affected by a local authentication bypass. An authenticated local attacker can view the ShellJump session details initiated with external tools, enabling unauthorized access to connected sessions. Affected product: BeyondTrust PR...

7.8CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2023/10/12 12:0 a.m.52 views

CVE-2023-23632

BeyondTrust Privileged Remote Access (PRA) 22.2.x–22.4.x contains a local authentication bypass through a flawed secret verification in the BYOT shell jump sessions, enabling access to jump items by guessing the first character of the secret. Affected product: BeyondTrust PRA. Root cause: insecur...

7.8CVSS7.6AI score0.00193EPSS
CVE
CVE
added 2023/09/05 8:15 p.m.49 views

CVE-2023-4310

BeyondTrust PRA and RS versions 23.2.1–23.2.2 contain a command-injection vulnerability exploitable via a malicious HTTP request. An unauthenticated remote attacker can execute arbitrary OS commands in the context of the site user. The issue is fixed in version 23.2.3. Remediation: upgrade to 23....

9.8CVSS9.5AI score0.01407EPSS
CVE
CVE
added 5 days ago37 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...

8.7CVSS6AI score0.00561EPSS
CVE
CVE
added 5 days ago31 views

CVE-2026-40139

BeyondTrust Remote Support authentication subsystem contains a critical pre-authentication vulnerability (CVE-2026-40139). Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including...

9.8CVSS6AI score0.00653EPSS
CVE
CVE
added 5 days ago15 views

CVE-2026-40141

CVE-2026-40141 affects the web application component of BeyondTrust Remote Support and Privileged Remote Access. The issue stems from insufficient validation of user-supplied input, which could allow an authenticated attacker with limited privileges to access resources or data beyond their author...

9.9CVSS6AI score0.00478EPSS