CVE-2023-4310

Name of the Vulnerable Software and Affected Versions BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 through 23.2.2

Description The issue is a command injection vulnerability that can be exploited through a malicious HTTP request, allowing an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user.

Recommendations For versions 23.2.1 and 23.2.2, update to version 23.2.3 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable HTTP endpoint until a patch is available. Avoid using the vulnerable functionality in the affected versions until the issue is resolved.