CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2024-12356 – BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-12356
17 Dec 2024 — A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user. • https://github.com/cloudefence/CVE-2024-12356 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5996 – Bomgar Remote Support Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-5996
26 Oct 2017 — The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. El agente en Bomgar Remote Support en versiones 15.2.x anteriores a la 15.2.3, las 16.1.x anteriores a la 16.1.5, y las 16.2.x anteriores a la 16.2.4 permite el secuestro de DLL debido al uso de permisos %SYSTEMDRIVE%\ProgramData débiles. Bomgar Remote Support suffers from a local privilege escalation vulnerability. Versions affec... • http://www.securitytracker.com/id/1039679 • CWE-426: Untrusted Search Path •