BeyondTrust warns of critical remote access software flaws

▼ Summary
– BeyondTrust warned customers about two critical security flaws in its Remote Support and Privileged Remote Access software.
– These flaws could allow attackers to bypass authentication.
BeyondTrust has issued an urgent advisory urging customers to apply patches for two critical security vulnerabilities found in its Remote Support (RS) and Privileged Remote Access (PRA) platforms. These flaws could enable attackers to bypass authentication entirely, potentially granting unauthorized access to sensitive systems.
The vulnerabilities, assigned CVE identifiers, affect versions of the software used by organizations for secure remote troubleshooting and privileged access management. If left unpatched, an attacker could exploit these weaknesses to compromise remote sessions without needing valid credentials. This poses a significant risk, as these tools are often deployed in high-security environments such as IT help desks and managed service providers.
BeyondTrust has released updated versions of both RS and PRA that remediate the issues. The company strongly recommends that all customers upgrade to the latest builds immediately to mitigate potential threats. No workarounds are available, underscoring the importance of swift action.
This advisory follows a pattern of increased scrutiny on remote access tools, which have become prime targets for cybercriminals seeking to exploit the expanded attack surface created by hybrid work models. BeyondTrust, a leader in privileged access management, has not reported active exploitation of these flaws in the wild, but the critical severity rating leaves little room for delay.
Organizations using these products should prioritize patching as part of their vulnerability management routine. The company has also provided detailed guidance on its support portal to assist administrators with the update process. As always, maintaining robust security hygiene for remote access infrastructure is essential to prevent unauthorized intrusions.
(Source: BleepingComputer)




