
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-12356: Command Injection Vulnerability in BeyondTrust PRA and RS
Overview:
CVE-2024-12356 is a critical vulnerability affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) solutions. This flaw, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on the underlying operating system through specially crafted client requests. This means that attackers can potentially gain control over the system without needing to authenticate, posing a significant security risk.
Technical Details:
The vulnerability stems from improper input validation in the affected versions of BeyondTrust PRA and RS. By sending a maliciously crafted request, an attacker can inject and execute arbitrary commands, leading to unauthorized access and control over the system.
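The advisory names the bug class (improper input validation leading to OS command injection) but, understandably, not the affected code path. The following is an added, generic Python illustration of that class and of the defensive pattern that removes it; it is not BeyondTrust code. The `key=value&key=value` request format, the `target` parameter name, the `ping` command and the sample request body are all assumptions constructed for the example, and nothing here executes a command.

```python
"""Command injection via missing input validation, and its hardened form.
Added, generic illustration; not BeyondTrust's code. Request format, parameter
name ('target') and command ('ping') are assumptions made for this example."""
import re

def parse_request(raw: str) -> dict[str, str]:
    """Parse a constructed 'key=value&key=value' client request body into a dict.
    Note that '&' is the only separator: a ';' inside a value survives untouched."""
    fields: dict[str, str] = {}
    for pair in raw.split("&"):
        key, _, value = pair.partition("=")
        fields[key] = value
    return fields

# --- Vulnerable pattern: client-controlled text is spliced into a shell command string. ---
def build_command_unsafe(fields: dict[str, str]) -> str:
    """Return the string a vulnerable handler would hand to a shell (never run here).
    Any shell metacharacter in 'target' becomes part of the command line, which is
    exactly the failure mode described in the advisory: no validation, direct interpolation."""
    return f"ping -c 1 {fields['target']}"

# --- Hardened pattern: strict allowlist validation, then an argv list and no shell. ---
# One hostname label: alphanumeric start/end, hyphens allowed inside, at most 63 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def is_valid_hostname(value: str) -> bool:
    """Allowlist check: only syntactically valid hostnames pass. Shell metacharacters,
    whitespace and a leading '-' (which would be read as an option) are all rejected."""
    return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None

def build_command_safe(fields: dict[str, str]) -> list[str]:
    """Validate first, then build an argv list. Each element reaches the program as a
    single argument and is never re-parsed by a shell, so there is nothing to inject into."""
    target = fields.get("target", "")
    if not is_valid_hostname(target):
        raise ValueError(f"rejected target: {target!r}")
    return ["ping", "-c", "1", target]

if __name__ == "__main__":
    # Constructed sample request bodies, one benign and one carrying shell metacharacters.
    for body in ("target=host.example", "target=host.example; echo injected"):
        fields = parse_request(body)
        print("unsafe shell string :", build_command_unsafe(fields))
        try:
            print("hardened argv       :", build_command_safe(fields))
        except ValueError as exc:
            print("hardened argv       : REJECTED ->", exc)
```

The hardened version would be executed with `subprocess.run(argv)` (no `shell=True`); the example stops at building the argv so that it runs without network access or privileges. The two properties worth carrying into real code are that validation happens before any command is assembled and that the command is an argument list rather than a string.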
Impacted Versions:
- Privileged Remote Access (PRA): Versions 24.3.1 and earlier
- Remote Support (RS): Versions 24.3.1 and earlier
Fixed Versions:
- Patches are available for versions 22.1.x and higher
- Specific patches: BT24-10-ONPREM1 and BT24-10-ONPREM2
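A first-pass triage helper that classifies an installed PRA/RS version against the ranges stated above is an added example, not BeyondTrust or CISA tooling. It assumes dotted numeric version strings such as `24.3.1` and uses only the ranges given on this page (affected: 24.3.1 and earlier; patches available for 22.1.x and higher). Whether BT24-10-ONPREM1 or BT24-10-ONPREM2 has actually been applied cannot be inferred from the version number alone, so a result of "patch available" is a prompt to verify patch status, not proof of remediation. The inventory is constructed sample data.

```python
"""Classify BeyondTrust PRA/RS versions against the ranges stated in the advisory.
Added example; ranges copied from the advisory, everything else is an assumption."""
import re

LAST_AFFECTED = (24, 3, 1)   # "Versions 24.3.1 and earlier" (from the advisory)
FIRST_PATCHABLE = (22, 1)    # "Patches are available for versions 22.1.x and higher"

def parse_version(text: str) -> tuple[int, ...]:
    """Turn '24.3.1' into (24, 3, 1); reject anything that is not dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def classify(version_text: str) -> str:
    """Return one of:
      'not-in-stated-range'       - newer than 24.3.1, outside the range the advisory lists
      'affected-patch-available'  - 22.1.x .. 24.3.1: apply BT24-10-ONPREM1 / BT24-10-ONPREM2
      'affected-upgrade-required' - older than 22.1: no patch listed, upgrade first"""
    v = parse_version(version_text)
    v3 = (v + (0, 0, 0))[:3]          # pad so '24.3' compares as (24, 3, 0)
    if v3 > LAST_AFFECTED:
        return "not-in-stated-range"
    if v3[:2] >= FIRST_PATCHABLE:
        return "affected-patch-available"
    return "affected-upgrade-required"

def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Classify a whole {hostname: version} inventory."""
    return {host: classify(version) for host, version in inventory.items()}

if __name__ == "__main__":
    SAMPLE_INVENTORY = {  # constructed sample data, not real hosts
        "pra-01.example.internal": "24.3.1",
        "rs-02.example.internal": "21.2.0",
        "rs-03.example.internal": "22.1.4",
        "rs-04.example.internal": "24.3.2",
    }
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Feed it the version strings exported from your appliance inventory; anything reported as affected should then be checked for the named patches or scheduled for upgrade ahead of the remediation deadline.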
Potential Impact:
If successfully exploited, this vulnerability can result in:
- Execution of unauthorized commands
- Potential compromise of critical infrastructure and systems
- Unauthorized access and control over affected systems
- Data breaches and loss of sensitive information
CISA has set January 09, 2025, as the deadline for federal agencies to remediate this vulnerability.