Command Injection Vulnerability in Privileged Remote Access and Remote Support Products
CVE-2024-12356
Key Information:
- Vendor
- Beyondtrust
- Status
- Remote Support
- Privileged Remote Access
- Vendor
- CVE Published: 17 December 2024
What is CVE-2024-12356?
CVE-2024-12356 is a critical vulnerability affecting Privileged Remote Access (PRA) and Remote Support (RS) products developed by Beyondtrust. This vulnerability allows unauthenticated attackers to execute arbitrary commands with the privileges of a site user, which can potentially lead to unauthorized access and manipulation of sensitive systems. Organizations utilizing these products may find their security posture severely compromised, risking the exposure of confidential information and systems to malicious actors.
Technical Details
This vulnerability arises from the improper handling of input within the affected PRA and RS products, enabling command injection attacks. An attacker can exploit this flaw without authentication, thereby executing commands directly on the system as if they were a legitimate user. The absence of adequate input validation in the applications is the root cause of this security issue, making it critical for organizations to address it promptly.
Potential impact of CVE-2024-12356
- Unauthorized System Access: The fundamental nature of the command injection vulnerability allows attackers to gain unauthorized access to systems, enabling them to perform actions normally reserved for legitimate users. This could lead to extensive data breaches and system control.
- Data Integrity Compromise: With command execution capabilities, attackers could manipulate or delete critical data, jeopardizing the integrity of databases and other sensitive information within the organization.
- Increased Risk of Cyberattacks: Exploitation of this vulnerability could serve as a foothold for further attacks, potentially allowing attackers to install malware, conduct espionage, or launch additional exploits, significantly increasing the overall threat landscape for affected organizations.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Privileged Remote Access 0 <= 24.3.1
Remote Support 0 <= 24.3.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Serious PostgreSQL flaw exploited in US Treasury zero-day attack - Techerati
Researchers believe a zero-day weakness in PostgreSQL played a major role in hacks that were able to successfully breach the US Treasury.
2 days ago
Critical PostgreSQL bug tied to zero-day attack on US Treasury
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say. Rapid7's principal security...
1 week ago
PostgreSQL bug played key role in zero-day Treasury attack
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say. Rapid7's principal security...
1 week ago
Timeline
- Public PoC available
- Vulnerability started trending
- CISA Reported
- Exploit known to exist
- First article discovered by SecurityWeek
- Vulnerability published
- Vulnerability Reserved