Critical Command Injection Vulnerability in Privileged Remote Access and Remote Support Products

CVE-2024-12356

9.8CRITICAL

Key Information

Vendor
Beyondtrust
Status
Remote Support & Privileged Remote Access
Vendor
CVE Published:
17 December 2024

Badges

😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

CVE-2024-12356 represents a critical command injection vulnerability found in BeyondTrust's Privileged Remote Access and Remote Support products. This flaw enables unauthenticated attackers to inject malicious commands that are executed with the privileges of a site user. Such exploitation poses a significant risk, as it could allow attackers to gain unauthorized access to sensitive information or systems within an organization. Organizations utilizing vulnerable versions are strongly encouraged to apply available patches or mitigations as outlined in BeyondTrust's security advisory to protect against potential attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-12356 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Remote Support & Privileged Remote Access <= 24.3.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-12356
Created by cloudefence

News Articles

favicon imageGBHackers News

CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild

CISA has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products.

1 day ago

favicon imageThe Hacker News

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

CISA lists CVE-2024-12356, a critical BeyondTrust flaw, as actively exploited. Update on-prem systems to patch vulnerabilities.

2 days ago

favicon imageHelp Net Security

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) - Help Net Security

BeyondTrust has fixed a critical command injection vulnerability (CVE-2024-12356) in Privileged Remote Access (PRA) and Remote Support (RS).

3 days ago

Refferences

https://www.cve.org/CVERecord?id=CVE-2024-12356
https://nvd.nist.gov/vuln/detail/CVE-2024-12356
https://www.beyondtrust.com/trust-center/security-advisor...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability started trending

  • CISA Reported

  • 🔴

    Public PoC available

  • 👾

    Exploit known to exist

  • First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database1 Proof of Concept(s)4 News Article(s)
.