BeyondTrust critical vulnerability: thousands of hosts and nearly 200K web properties discovered


A critical flaw was found and patched in BeyondTrust remote management products. Censys, a cybersecurity platform that maps exposed internet assets, has identified 190,832 exposed web properties and is urging users to update ASAP.

Hacktron, a fully autonomous offensive security platform, has discovered a critical vulnerability in two BeyondTrust products, Remote Support and Privileged Remote Access, widely used in enterprise environments for remote access.

The bug was given a severity score of 9.9 out of 10, which is about as bad as it gets.

Unauthenticated hackers can abuse it to execute operating system commands in the context of the site user, and the exploitation is trivial – it only requires sending specially crafted requests.

BeyondTrust has plugged its cloud services and released an emergency patch for self-hosted customers, urging them to apply it manually.

“Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption,” the firm warns.

IT teams often use Remote Support (RS) to access and troubleshoot employees’ computers remotely. It’s like an enterprise-grade TeamViewer or AnyDesk alternative.

Meanwhile, the Privileged Remote Access (PRA) product allows users to access critical systems remotely. It is used by administrators (root users) to remotely manage and monitor servers.

Fortunately, the technical details haven’t yet been made public, giving administrators time to patch the affected instances.

Security researchers who discovered the flaw warn that the two products are widely deployed and that “the potential blast radius of this vulnerability is significant.”

“Approximately 11,000 instances are exposed to the internet, including both cloud and on-prem deployments. About ~8,500 of those are on-prem deployments, which remain potentially vulnerable if patches aren’t applied,” Hacktron said in a blog post.

“This vulnerability was discovered through our AI-enabled variant analysis capabilities and was responsibly disclosed to BeyondTrust.”

Censys (and hackers) see nearly 200K exposed “web properties”

Cybersecurity platform Censys released an advisory warning that its scans reveal 190,832 exposed and trackable web properties related to affected BeyondTrust products.

“No public PoCs are available at the time of writing, but the attack is straightforward to exploit, so it is important to patch as quickly as possible,” Censys warns.

[Figure: Censys map of exposed BeyondTrust hosts by country]

The platform also released a map of 4,724 exposed hosts. At the time of writing, most of them (2,535) are in the US, followed by 221 in Germany, 204 in Canada, 183 in France, 138 in Switzerland, and 107 in the Netherlands.

“Industries where BeyondTrust’s RS solutions are commonly deployed – large enterprises, healthcare, financial services, government, and hospitality,” Hacktron noted in their report.

The researchers also acknowledged that BeyondTrust handled its disclosure “exceptionally well,” confirming and deploying a patch to cloud customers within 2 days, while coordinating closely on the public disclosure timeline.

“This finding demonstrates the effectiveness of combining AI-driven analysis with security research expertise to uncover critical vulnerabilities before they can be exploited in the wild,” the researchers concluded.

No active exploitation of this vulnerability in the wild has yet been reported.
