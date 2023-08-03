BeyondTrust reveals appliance vulnerability

By

Cloud service already fixed.

A remote access management vulnerability has emerged in BeyondTrust appliances.

BeyondTrust reveals appliance vulnerability

The security advisory is available to customers only, but security researcher Brian Krebs has obtained and published a copy.

BeyondTrust’s senior VP for product management Sam Elliott confirmed the vulnerability to iTnews.

“During a recent test, we discovered a critical security vulnerability that requires immediate attention from our customers exclusively running Remote Support versions 23.2.1 and 23.2.2, as well as Privileged Remote Access Versions 23.2.1 and 23.2.2,” Elliott said, both of which were released in the last three months.

The company remediated the bug “immediately”, he said. 

“A patch is available and has been automatically deployed to our cloud customers, and to all on-premises customers who participate in our automatic critical update process. 

“All impacted on-premises customers have been proactively contacted to install the available patch immediately.”

The bug has a CVSS score of 10, and according to the advisory posted by Krebs, it’s a command injection vulnerability that gives unauthenticated remote attackers the ability to “execute underlying operating system commands within the context of the site user”.

The company said it discovered the vulnerability during “standard code audits and penetration tests”.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
beyondtrustsecurity

Sponsored Whitepapers

Operational Excellence Through System Modernisation
Operational Excellence Through System Modernisation
The Complete Cloud Security Buyer's Guide
The Complete Cloud Security Buyer's Guide
The Complete MDR Buyer's Guide
The Complete MDR Buyer's Guide
Responding To Industry Trends And Our 5m+ Users
Responding To Industry Trends And Our 5m+ Users
The Future of Digital Identity in Government
The Future of Digital Identity in Government

Events

Most Read Articles

ATO attackers filed $557 million in false claims

ATO attackers filed $557 million in false claims
Russian court jails cyber security executive for 14 years

Russian court jails cyber security executive for 14 years
Cloud company assisted 17 different government hacking groups

Cloud company assisted 17 different government hacking groups
Google handed user data to Aus authorities 5525 times last year

Google handed user data to Aus authorities 5525 times last year

Digital Nation

DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX

Log In

  |  Forgot your password?