CVE-2024-12356 - BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
Project:BeyondTrust
Product:Privileged Remote Access (PRA) and Remote Support (RS)
Date Added:2024-12-19Due Date:2024-12-27
Vulnerability Name
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
Description
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
https://nvd.nist.gov/vuln/detail/CVE-2024-12356
Related News Articles
BeyondTrust warns of pre-auth RCE in Remote Support softwareJune 18, 2025
PostgreSQL flaw exploited as zero-day in BeyondTrust breachFebruary 14, 2025
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted AttacksFebruary 14, 2025
BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API KeyFebruary 1, 2025
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active AttacksJanuary 14, 2025