Beyondtrust Remote Support

6 matches found

CVE
• added 2024/12/17 4:29 a.m. • 465 views

CVE-2024-12356

CVE-2024-12356 describes a critical, unauthenticated command injection vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS). The issue allows an attacker to inject commands that execute with the site user’s privileges, potentially impacting confidentiality, integrit...

CVSS 9.8 | AI score 9.7 | EPSS 0.87991
In wild | Web
CVE
• added 2026/02/06 9:49 p.m. • 270 views

CVE-2026-1731

CVE-2026-1731 affects BeyondTrust Remote Support (RS) and older Privileged Remote Access (PRA). It is a pre-authentication, unauthenticated remote code execution vulnerability exploitable via crafted requests, enabling code execution in the site user context. Technical details across connected do...

CVSS 9.9 | AI score 6.6 | EPSS 0.86091
In wild
CVE
• added 2024/12/18 8:23 p.m. • 227 views

CVE-2024-12686

CVE-2024-12686 affects BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS); it is an OS command-injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file and execute OS commands as the site user. Public sources (...

CVSS 7.2 | AI score 6.7 | EPSS 0.13788
In wild
CVE
• added 2025/06/16 4:6 p.m. • 65 views

CVE-2025-5309

CVE-2025-5309 affects BeyondTrust Remote Support (RS) and BeyondTrust Privileged Remote Access (PRA) with a server‑side template injection in the chat feature, leading to remote code execution. The CVSS metrics in the initial entry indicate a critical/high impact across confidentiality, integrity...

CVSS 9.8 | AI score 7.7 | EPSS 0.00875
CVE
• added 2017/10/26 6:0 p.m. • 56 views

CVE-2017-5996

The CVE-2017-5996 issue affects Bomgar Remote Support: the agent in 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 is vulnerable to DLL hijacking due to weak permissions on %SYSTEMDRIVE%\ProgramData. This is a local privilege escalation exposure where an attacker could lever...

CVSS 9.3 | AI score 7.6 | EPSS 0.013
CVE
• added 2023/09/05 8:15 p.m. • 47 views

CVE-2023-4310

BeyondTrust PRA and RS versions 23.2.1–23.2.2 contain a command-injection vulnerability exploitable via a malicious HTTP request. An unauthenticated remote attacker can execute arbitrary OS commands in the context of the site user. The issue is fixed in version 23.2.3. Remediation: upgrade to 23....

CVSS 9.8 | AI score 9.5 | EPSS 0.01407