Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability in BeyondTrust Remote Support's authentication system could allow unauthenticated attackers to bypass access controls and gain unauthorized access to appliances, potentially including privileged accounts, if a specific authentication configuration is enabled.
- Unauthenticated attackers may bypass access controls.
- Matters if the specific authentication configuration is enabled.
- Confirm relevance and exposure in your environment.
Attack Path
How an attacker could exploit the issue
An unauthenticated attacker could potentially bypass access controls by sending specially crafted authentication requests to the BeyondTrust Remote Support appliance. This could grant them unauthorized access, including elevated privileges, if a specific authentication configuration is enabled.
- Requires specific authentication configuration.
- Unauthenticated remote attacker bypasses access controls.
- Unauthorized access to appliance, including privileged accounts.
Live Threat
Current exploitation, exposure, and threat context
A pre-authentication vulnerability in BeyondTrust Remote Support's authentication subsystem could allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges, when a specific authentication configuration is enabled.
- Appliance access and elevated privileges.
- Bypass access controls.
- Unauthorized access to the appliance.
Operational Fix
Recommended remediation, mitigation, and detection steps
This critical vulnerability in BeyondTrust Remote Support's authentication subsystem requires careful triage by platform and security teams. The first practical step is to identify all instances of the affected appliance, confirm if the specific authentication configuration is enabled, and assess business criticality and external reachability to determine ownership and plan remediation.
- Platform and security teams own triage.
- Verify authentication configuration and reachability.
- Coordinate vendor engagement and remediation.