A Critical Patch for BeyondTrust: Protecting Against Unauthenticated Attacks
Hackers can remotely exploit critical vulnerabilities in BeyondTrust’s Remote Support and Privileged Remote Access products, which could grant them control over susceptible devices, according to the company’s latest security patch update.
BeyondTrust’s Remote Support and Privileged Remote Access solutions provide technical teams with remote access and control over devices, but this same access can now be exploited by unauthenticated attackers. The company has released patches to fix this issue, emphasizing that these flaws are critical and must be addressed immediately.
Identifying the Vulnerabilities
The first vulnerability, identified as CVE-2024-XXXX, is a server-side request forgery (SSRF) issue that affects Remote Support. This flaw, if successfully exploited, enables an attacker to send malicious requests on behalf of the server, granting them unauthorized access to the system.
The second vulnerability, tracked as CVE-2024-XXXX-1, affects Privileged Remote Access and is a classic case of an authentication bypass flaw. Attackers could exploit this vulnerability to access systems without proper authentication, giving them elevated privileges and control over the system.
What this means
If left unpatched, these vulnerabilities leave susceptible systems open to unauthenticated attacks, potentially putting critical infrastructure, sensitive data, and business operations at risk. IT teams and administrators responsible for BeyondTrust’s Remote Support and Privileged Remote Access solutions must update their systems immediately to prevent potential breaches.
BeyondTrust emphasizes that these vulnerabilities are critical and urge users to apply the latest patches without delay to ensure the security and integrity of their systems. Users can find more information and the latest patches on the official BeyondTrust website.


