BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access


BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems.

Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a CVSSv4 base score of 8.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code in the context of the server.

Read more…
Source: NHS Digital


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • QR Codes Serve Up a Menu of Security Concerns

    September 15, 2020

    Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly ignorant to how QR codes can be easily abused to launch digital attacks. The reason QR code use is skyrocketing is tied to more brick-and-mortar businesses are forgoing paper brochures, menus ...

  • A Blind Spot in ICS Security: The Protocol Gateway [Part 2] Vulnerability Allowing Stealth Attacks on Industrial Control Systems

    September 14, 2020

    A protocol gateway is a small network device, also called a protocol converter” or “IoT gateway.” It is similar to an “interpreter” in the digital word, and acts as a communications intermediary between different protocols. As the integration of networks accelerates with IoT, protocol conversion grows increasingly important. However, the security of protocol gateways has not ...

  • Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

    September 14, 2020

    The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently available for all these flaws – and in some cases, have been available for over a ...

  • Palo Alto Networks fixes critical flaw in PAN-OS firewall software

    September 11, 2020

    Palo Alto Networks has fixed a new critical vulnerability affecting multiple versions of PAN-OS, the operating system affecting its next-generation firewalls. The issue received the identification number CVE-2020-2040 and has a severity score of 9.8 out of 10 and requires no user interaction. An unauthenticated attacker can exploit it by sending a malicious request to specific ...

  • September Patch Tuesday Updates Exchange, SharePoint

    September 9, 2020

    This month’s update includes 129 updates for the Microsoft Office suite, with 15 specifically addressing SharePoint vulnerabilities. Of the total number, 23 have been rated Critical and 105 as Important. No zero days have been observed, but four vulnerabilities are under close scrutiny for their potential abuse. Specifically, CVE-2020-16875 can be exploited for remote code execution ...

  • Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot

    September 8, 2020

    Malicious actors continue to target environments running Docker containers. We recently encountered an attack that drops both a malicious cryptocurrency miner and a distributed denial-of-service (DDoS) bot on a Docker container built using Alpine Linux as its base image. A similar attack was also reported by Trend Micro in May; in that previous attack, threat ...