6 matches found
CVE-2024-12356
CVE-2024-12356 describes a critical, unauthenticated command injection vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS). The issue allows an attacker to inject commands that execute with the site user’s privileges, potentially impacting confidentiality, integrit...
CVE-2026-1731
CVE-2026-1731 affects BeyondTrust Remote Support (RS) and older Privileged Remote Access (PRA). It is a pre-authentication remote code execution vulnerability exploitable via crafted requests, enabling code execution in the site user context. Technical details across connected do...
CVE-2024-12686
CVE-2024-12686 affects BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS); it is an OS command-injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file and execute OS commands as the site user. Public sources (...
CVE-2025-5309
CVE-2025-5309 affects BeyondTrust Remote Support (RS) and BeyondTrust Privileged Remote Access (PRA) with a server‑side template injection in the chat feature, leading to remote code execution. The CVSS metrics in the initial entry indicate a critical/high impact across confidentiality, integrity...
CVE-2017-5996
CVE-2017-5996 affects Bomgar Remote Support: the agent in 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 is vulnerable to DLL hijacking due to weak permissions on %SYSTEMDRIVE%\ProgramData. This is a local privilege escalation exposure where an attacker could lever...
CVE-2023-4310
BeyondTrust PRA and RS versions 23.2.1–23.2.2 contain a command-injection vulnerability exploitable via a malicious HTTP request. An unauthenticated remote attacker can execute arbitrary OS commands in the context of the site user. The issue is fixed in version 23.2.3. Remediation: upgrade to 23....