CVE-2023-23632
https://notcve.org/view.php?id=CVE-2023-23632
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret. Las versiones 22.2.x a 22.4.x de BeyondTrust Privileged Remote Access (PRA) son vulnerables a una omisión de autenticación local. Los atacantes pueden aprovechar un proceso de verificación de secretos defectuoso en las sesiones de salto del shell BYOT, lo que permite el acceso no autorizado a elementos de salto adivinando solo el primer carácter del secreto. • https://www.compass-security.com/fileadmin/Research/Advisories/2023_03_CSNC-2022-018_PRA_Privilege_Escalation.txt • CWE-287: Improper Authentication •
CVE-2023-4310
https://notcve.org/view.php?id=CVE-2023-4310
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3. BeyondTrust Privileged Remote Access (PRA) y Remote Support (RS) versiones 23.2.1 y 23.2.2 contienen una vulnerabilidad de inyección de comandos que puede explotarse mediante una solicitud HTTP maliciosa. La explotación exitosa de esta vulnerabilidad puede permitir que un atacante remoto no autenticado ejecute comandos del sistema operativo subyacente dentro del contexto del usuario del sitio. • https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207 https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-31589 – BeyondTrust Remote Support 6.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-31589
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization. Se ha notificado y confirmado una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) para la versión 6.0.1 y anteriores del software de base de acceso remoto seguro de BeyondTrust, que permite la inyección de solicitudes web no autenticadas y especialmente diseñadas sin el saneamiento adecuado BeyondTrust Remote Support versions 6.0 and below suffer from a cross site scripting vulnerability. • https://github.com/karthi-the-hacker/CVE-2021-31589 http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html https://cxsecurity.com/issue/WLB-2022010013 https://www.beyondtrust.com/docs/release-notes/index.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-42254
https://notcve.org/view.php?id=CVE-2021-42254
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. BeyondTrust Privilege Management versiones anteriores a 21.6, crea un Archivo Temporal en un directorio con permisos no seguros • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md https://www.beyondtrust.com/blog • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-3156 – Sudo Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de "sudoedit -s" y un argumento de línea de comandos que termina con un solo carácter de barra invertida A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command (by default, any local user can execute sudo) without authentication. Successful exploitation of this flaw could lead to privilege escalation. • https://www.exploit-db.com/exploits/49521 https://www.exploit-db.com/exploits/49522 https://github.com/blasty/CVE-2021-3156 https://github.com/worawit/CVE-2021-3156 https://github.com/stong/CVE-2021-3156 https://github.com/reverse-ex/CVE-2021-3156 https://github.com/CptGibbon/CVE-2021-3156 https://github.com/Rvn0xsy/CVE-2021-3156-plus https://github.com/mr-r3b00t/CVE-2021-3156 https://github.com/0xdevil/CVE-2021-3156 https://github.com/unauth401/CVE-20 • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error •