{"api_version":"1","generated_at":"2026-04-23T00:40:58+00:00","cve":"CVE-2023-4310","urls":{"html":"https://cve.report/CVE-2023-4310","api":"https://cve.report/api/cve/CVE-2023-4310.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-4310","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-4310"},"summary":{"title":"CVE-2023-4310","description":"BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-09-05 21:15:00","updated_at":"2023-11-07 04:22:00"},"problem_types":["CWE-77"],"metrics":[],"references":[{"url":"https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access","name":"https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access","refsource":"","tags":[],"title":"Security Update for Remote Support and Privileged… | BeyondTrust","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207","name":"https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207","refsource":"MISC","tags":[],"title":"CSM Login Okta - Customer Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-4310","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4310","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"4310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"beyondtrust","cpe5":"privileged_remote_access","cpe6":"23.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"beyondtrust","cpe5":"privileged_remote_access","cpe6":"23.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"beyondtrust","cpe5":"remote_support","cpe6":"23.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"beyondtrust","cpe5":"remote_support","cpe6":"23.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-4310","ASSIGNER":"cve@mitre.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","cweId":"CWE-77"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"BeyondTrust","product":{"product_data":[{"product_name":"Privileged Remote Access (PRA)","version":{"version_data":[{"version_affected":"=","version_value":"23.2.1"},{"version_affected":"=","version_value":"23.2.2"}]}},{"product_name":"Remote Support (RS)","version":{"version_data":[{"version_affected":"=","version_value":"23.2.1"},{"version_affected":"=","version_value":"23.2.2"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access","refsource":"MISC","name":"https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-access"},{"url":"https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207","refsource":"MISC","name":"https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Apply vendor patch 23.2.3."}],"value":"Apply vendor patch 23.2.3."}]},"nvd":{"publishedDate":"2023-09-05 21:15:00","lastModifiedDate":"2023-11-07 04:22:00","problem_types":["CWE-77"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:beyondtrust:remote_support:23.2.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:beyondtrust:remote_support:23.2.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}