All vulnerabilities
CVE-2024-12356
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
BeyondTrust — Privileged Remote Access (PRA) and Remote Support (RS)
- Added to KEV catalog
- 19 December 2024
- Federal remediation due date
- 27 December 2024
- Weakness classification (CWE)
- CWE-77
CISA Description
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356
More BeyondTrust Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services