Skip to main content

Remote Support CVE-2017-5996

HIGH
Untrusted Search Path (CWE-426)
2017-10-26 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 26, 2017 - 18:29 cve.org
HIGH 7.8

DescriptionCVE.org

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.

AnalysisAI

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-426. The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. Affected products include: Beyondtrust Remote Support. Version information: before 15.2.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-1731 CRITICAL POC
9.8 Feb 06

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authenticati

CVE-2015-0935 HIGH POC
7.5 May 25

Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to

CVE-2024-12356 CRITICAL POC
9.8 Dec 17

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which ca

CVE-2025-5309 CRITICAL
9.8 Jun 16

Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Rem

CVE-2023-4310 CRITICAL
9.8 Sep 05

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injectio

CVE-2026-40139 CRITICAL
9.2 Jul 06

Authentication bypass in BeyondTrust Remote Support (and the related Privileged Remote Access product) lets an unauthent

CVE-2026-40138 CRITICAL
9.2 Jul 06

Pre-authentication access-control bypass in BeyondTrust Remote Support and Privileged Remote Access appliances lets a ne

CVE-2026-40140 HIGH
8.7 Jul 06

Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote a

CVE-2026-40141 HIGH
8.5 Jul 06

Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and

CVE-2024-12686 HIGH
7.2 Dec 18

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacke

Share

CVE-2017-5996 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy