VYPR

Remote Support & Privileged Remote Access

by Beyondtrust

CVEs (7)

  • CVE-2024-12356CriKEVDec 17, 2024
    risk 0.86cvss 9.8epss 0.88

    A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

  • CVE-2025-5309CriJun 16, 2025
    risk 0.64cvss 9.8epss 0.01

    The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.

  • CVE-2023-4310CriSep 5, 2023
    risk 0.64cvss 9.8epss 0.01

    BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote…

  • CVE-2024-12686MedKEVDec 18, 2024
    risk 0.56cvss 6.6epss 0.14

    A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

  • CVE-2025-0217HigMay 5, 2025
    risk 0.51cvss 7.8epss 0.00

    BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to…

  • CVE-2023-23632HigOct 12, 2023
    risk 0.51cvss 7.8epss 0.00

    BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first…

  • CVE-2026-1731KEVFeb 6, 2026
    risk 0.27cvss epss 0.86

    BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating…