Local Authentication Bypass in BeyondTrust Privileged Remote Access
CVE-2023-23632
7.8 HIGH
What is CVE-2023-23632?
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x through 22.4.x are affected by a vulnerability that allows attackers to bypass local authentication. The bypass stems from a flaw in the secret verification mechanism used in BYOT shell jump sessions: by guessing just the first character of the secret, an unauthorized user can gain access to jump items, putting the sensitive information and systems managed through the PRA service at significant risk.
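
An added illustration, not BeyondTrust's code: the advisory does not publish the faulty check, so this sketch assumes one common way a verifier ends up accepting a one-character guess (comparing only as many characters as the caller supplied) and sets it beside a whole-value, constant-time comparison, with a regression check for the property the advisory describes. All function names and the sample secret are constructed for the example.

```python
import hmac


def verify_prefix_only(stored, supplied):
    """Flawed (hypothetical): compares only as many characters as the caller sent."""
    if not supplied:
        return False
    return stored[:len(supplied)] == supplied


def verify_full(stored, supplied):
    """Hardened: compares the whole value, in constant time, on the UTF-8 bytes."""
    return hmac.compare_digest(stored.encode("utf-8"), supplied.encode("utf-8"))


def accepted_partial_guesses(verify, secret):
    """Regression check: list every candidate other than the exact secret
    that `verify` accepts. A correct verifier returns an empty list."""
    # Every proper prefix of the secret, starting with its first character.
    candidates = [secret[:n] for n in range(1, len(secret))]
    # Edge cases: empty input and the secret with trailing data appended.
    candidates.append("")
    candidates.append(secret + "x")
    return [c for c in candidates if verify(secret, c)]


# Constructed sample value, not taken from any real deployment.
SAMPLE_SECRET = "k3F9-constructed-sample"

if __name__ == "__main__":
    for name, fn in (("prefix-only", verify_prefix_only), ("full", verify_full)):
        leaked = accepted_partial_guesses(fn, SAMPLE_SECRET)
        print(f"{name}: accepts exact secret={fn(SAMPLE_SECRET, SAMPLE_SECRET)}, "
              f"partial guesses accepted={len(leaked)}")
```

A check like `accepted_partial_guesses` belongs in the test suite of any component that verifies a shared secret, so that a truncated comparison fails the build.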

CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
