Skip to main content

A critical vulnerability in BeyondTrust remote access tools could lead to code injection

Threat ID:CC-4591
Threat Severity:Medium
Published:17 December 2024 3:16 PM

Summary

A critical vulnerability in BeyondTrust remote access tools could lead to code injection

Affected platforms

The following platforms are known to be affected:

Versions: 24.3.1 and earlier
BeyondTrust Remote Support
Versions: 24.3.1 and earlier
BeyondTrust Privileged Remote Access

Threat details

Exploitation of CVE-2024-12356 & CVE-2024-12686

CISA has reported exploitation of CVE-2024-12356 & CVE-2024-12686 in the wild. NHS England National CSOC urges organisations to apply relevant security updates to affected versions of BeyondTrust as soon as practicable.


Introduction

BeyondTrust has released security advisories that address vulnerabilities in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments.

The first advisory covered the 'command injection' vulnerability CVE-2024-12356, which has a CVSSv3 score of 9.8. If exploited, an unauthenticated attacker could inject commands into the site in the context of a site user.

The second advisory was released addressing a medium severity 'command injection' vulnerability known as CVE-2024-12686, which was remediated in the same updates. CVE-2024-12686 has a CVSSv3 score of 6.6 and, if exploited, could allow an attacker with existing administrative privileges to inject commands in the context of a site user. 

Threat updates

   
15 Jan 2025 CVE-2024-12686 and corresponding advisory BT24-11 added to alert.
20 Dec 2024 CISA has reported exploitation of CVE-2024-12356 in the wild.

Remediation advice

Affected organisations are encouraged to review the BeyondTrust Security Advisory BT24-10 & BT24-11, and apply the relevant updates.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-12356A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
StatusPublished
CVE-2024-12686A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

Last edited: 15 January 2025 2:08 pm

Back to top