Vulnerability

BeyondTrust PRA/RS vulnerability

This live blog contains information regarding a vulnerability in BeyondTrust PRA/RS. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on August 1, 2023.


T-Update

Information about vulnerabilities


Update 1 August 2023

17:00 | On the 1st of August, BeyondTrust released a knowledge base article describing a critical vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products. The vulnerability has not been assigned a CVE ID yet. Successful exploitation can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user.

The vulnerability is not known to be exploited in the wild, nor is there a public proof-of-concept exploit available. BeyondTrust has released a patch (TRY-21041). A software update fixing the issue is expected soon. It is highly recommended to apply the temporary patch as soon as possible.


Background

On the 1st of August, BeyondTrust released a knowledge base article describing a critical vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products. The vulnerability has not been assigned a CVE ID yet. Successful exploitation can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. The vulnerability is not known to be exploited in the wild, nor is there a public proof-of-concept exploit available. BeyondTrust has released a patch (TRY-21041). A software update fixing the issue is expected soon. It is highly recommended to apply the temporary patch as soon as possible.

Risk

The vulnerability has a CVSS score of 10. The CVSS scale runs from 0 to 10. A score of 10 is rare and implies a low attack complexity and high risk of exploitation with high impact. The vulnerability in BeyondTrust PRA and RS is categorised as “Unauthenticated Command Injection” and allows an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. The vulnerability can be exploited through a malicious HTTP request.

The vulnerability is not known to be exploited in the wild, nor is there a public proof-of-concept exploit available. The high CVSS score indicates a low exploit complexity. Combined with the exposed nature of the solution and its access to internal systems, this makes it a very critical vulnerability, and patching as soon as possible is advised.

Advice

Only two very specific versions of BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) are vulnerable:

  • 23.2.1
  • 23.2.2

For cloud customers: please be aware that these sites have already received the patch, which was applied without any downtime or interruption to services.

A patch, labelled TRY-21041, is currently available for the impacted versions. The issue will be fixed soon in version 23.2.3, which is not yet available at the time of writing. Please apply the patch as soon as possible. Once version 23.2.3 is released, it is advised to install it as soon as possible.

For more information regarding the patch, please visit the original article of BeyondTrust (customer login required):

If any suspicious or malicious activity is detected in relation to this article, please contact T-CERT. The Tesorion Computer Emergency Response Team offers specialist support 24/7. In emergencies, we immediately conduct an initial assessment by telephone and do all we can to get the situation under control as soon as possible.
