Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability has been identified in the authentication system of BeyondTrust Remote Support and Privileged Remote Access products. This issue could allow an attacker on the network to bypass security controls and gain unauthorized access to the appliance, potentially accessing privileged accounts. Exploitation is dependent on a specific authentication configuration being enabled.
- Unauthorized access to appliances is possible.
- Confirms the need for proper configuration management.
- Verify relevance and exposure to protected systems.
Attack Path
How an attacker could exploit the issue
An attacker on the network could exploit this vulnerability by targeting the authentication system without needing any prior credentials. If a specific authentication configuration is active, the attacker can bypass access controls, gaining unauthorized access to the appliance and potentially privileged accounts. This could lead to significant compromise of the system.
- Network access required.
- Improper authentication data validation.
- Unauthorized access to appliance.
Live Threat
Current exploitation, exposure, and threat context
A network-positioned attacker, when specific authentication configurations are enabled, could bypass access controls and gain unauthorized access to the appliance, potentially accessing accounts with elevated privileges.
- Appliance access and elevated accounts.
- Bypass access controls via improper validation.
- Unauthorized access to sensitive system data.
Operational Fix
Recommended remediation, mitigation, and detection steps
Given the nature of BeyondTrust Remote Support and Privileged Remote Access as network edge appliances, platform or infrastructure teams are likely responsible for their operation, with security teams overseeing access controls and vendor-management teams coordinating with BeyondTrust. The immediate priority is to identify all deployed instances, determine their exposure and business criticality, and confirm the accountable owner before planning remediation.
- Platform/Infrastructure and Security teams.
- Confirm instance reachability and criticality.
- Plan remediation based on assessed risk.