CVE-2023-4310
Published: 05 September 2023
Summary
CVE-2023-4310 is a critical-severity Command Injection (CWE-77) vulnerability in BeyondTrust Privileged Remote Access. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 14.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54177
Vulnerability details
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
- CWE(s): CWE-77
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.