Vulnerability CVE-2021-31589
Published: 2022-01-05

Description:
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, by tricking the administrator into creating a new admin account through an XSS/CSRF attack involving a crafted request to the /appliance/users?action=edit endpoint. This cross-site-scripting (XSS) vulnerability occurs when it does not properly sanitize an unauthenticated crafted web request to the server

See advisories in our WLB2 database:
Topic
Author
Date
Low
BeyondTrust Remote Support 6.0 Cross Site Scripting
Malcrove
04.01.2022

Type:

CWE-352

 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Beyondtrust -> Appliance base software 

 References:
https://www.beyondtrust.com/docs/release-notes/index.htm
https://cxsecurity.com/issue/WLB-2022010013
http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html
Copyright 2024, cxsecurity.com

 

Back to Top