The TL;DR is that we found a privilege escalation vulnerability that leveraged a race condition in their “Elevation Service”.
The Elevation Service is an additional feature that lets technicians be granted temporary admin privileges on a system without having to manage local Windows security groups. Which users are allowed to use the Elevation Service is controlled from the BeyondTrust Remote Support app.
Once the Elevation Service is installed, a Windows service named “Bomgar Automatic Elevation Service” is created. The service consists of the bgelvsvc.exe executable running under the high-privilege
When an end user begins a support session, they download an executable that is provided to them after entering a code in the support portal. This executable, bomgar-scc-[randomstring].exe, is then run by the end user. Once started, the executable deletes itself, and a set of new applications is created and started within the