CVE-2023-23632: 
BeyondTrust Privileged Remote Access Client vulnerability analysis and mitigation

BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x contain a local authentication bypass vulnerability identified as CVE-2023-23632. The vulnerability was discovered on December 2, 2022, by Christian Feuchter from Compass Security and was publicly disclosed in October 2023. The vulnerability affects the BYOT shell jump sessions feature, where attackers can exploit a flawed secret verification process to gain unauthorized access to jump items (Compass Advisory).

The vulnerability exists in the external tools feature for shell jump sessions. When enabled, the system starts a local SSH listener on 127.0.0.1 and generates a random secret as a username parameter for authentication. However, the system's validation of this secret is flawed - it only verifies if the provided characters are in the correct position without checking the total number of characters. As a result, only the first correct character is required to establish a connection, effectively bypassing the authentication mechanism. The vulnerability has been assigned a CVSS v3.1 base score of 8.6 (High) with the vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (Compass Advisory).

The vulnerability allows a low-privileged malicious process or another user on the same host to connect to a jump item's shell (network device, server, etc.) without proper authentication. Since no brute force protection is implemented, the first character can be quickly guessed, making the exploitation reliable and allowing unauthorized access to jump items (Compass Advisory).

As a temporary workaround, administrators can disable the usage of external tools for Shell Jump sessions. For a permanent fix, BeyondTrust recommends updating Privileged Remote Access to version 22.3.3, 23.1.1, or newer. The patch was released on May 9, 2023 (Compass Advisory).