CVE-2024-12356 (CVSS 9.8): Critical Vulnerability in BeyondTrust PRA and RS Enables Remote Code Execution
A critical command injection vulnerability (CVE-2024-12356) has been discovered in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) solutions. With a CVSS score of 9.8, this flaw represents a severe risk to organizations relying on these products for remote IT management and privileged access.
The vulnerability affects all versions of PRA and RS up to and including version 24.3.1. BeyondTrust’s advisory explains that this flaw allows “an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user.” Because it is triggered by a malicious client request and needs no credentials, the flaw could let an attacker gain unauthorized control of critical infrastructure and systems that rely on these appliances.
The advisory lists the following affected versions:
- Privileged Remote Access (PRA): Versions 24.3.1 and earlier.
- Remote Support (RS): Versions 24.3.1 and earlier.
BeyondTrust has released patches to remediate the CVE-2024-12356 vulnerability. These are available for RS and PRA versions 22.1.x and higher, with the specific patches named BT24-10-ONPREM1 and BT24-10-ONPREM2, depending on the version in use.
For cloud-based deployments of PRA and RS, BeyondTrust has automatically applied the necessary patches as of December 16, 2024. On-premise customers are advised to take the following steps:
- Apply Patches: Ensure the appropriate patch is applied via the /appliance interface.
- Upgrade Older Versions: If running versions older than 22.1, upgrade to a supported version to access the patches.
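To put the version boundaries above into a checklist you can run against an appliance inventory, here is an added triage helper (example code written for this summary, not BeyondTrust’s tooling and not from the advisory). It assumes versions compare as dotted numeric tuples, that the affected range is everything up to and including 24.3.1, and that the BT24-10-ONPREM1/BT24-10-ONPREM2 patches cover 22.1.x and higher; the status labels and the sample inventory are constructed for the example. The article does not name a fixed build, so anything newer than 24.3.1 is flagged for manual confirmation rather than declared safe.

```python
from typing import Dict, List, Tuple

# Version boundaries as stated in the advisory summary above.
LAST_AFFECTED: Tuple[int, int, int] = (24, 3, 1)  # affected: all versions <= 24.3.1
MIN_PATCHABLE: Tuple[int, int, int] = (22, 1, 0)  # BT24-10-ONPREM1/2 cover 22.1.x and higher
PRODUCTS = {"PRA", "RS"}                           # Privileged Remote Access, Remote Support


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '24.3.1', '22.1' or ' 23.2 ' into a three-part comparable tuple."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def triage(product: str, version: str) -> Dict[str, str]:
    """Classify one appliance against CVE-2024-12356 and name the remediation path."""
    if product not in PRODUCTS:
        return {"product": product, "version": version, "status": "not-in-scope",
                "action": "Not a PRA/RS appliance; no action under this advisory."}
    v = parse_version(version)
    if v > LAST_AFFECTED:
        # Newer than the last affected build named on the page; the page does not
        # quote a fixed version, so confirm against the vendor advisory.
        status, action = "above-advisory-range", (
            "Newer than 24.3.1; confirm fixed status against the vendor advisory.")
    elif v >= MIN_PATCHABLE:
        status, action = "affected-patch-available", (
            "Apply BT24-10-ONPREM1 or BT24-10-ONPREM2 (per version) via the /appliance "
            "interface unless the instance is subscribed to automatic updates.")
    else:
        status, action = "affected-upgrade-required", (
            "Older than 22.1: upgrade to a supported version first, then apply the patch.")
    return {"product": product, "version": version, "status": status, "action": action}


def triage_inventory(rows: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Run triage over (product, version) pairs, e.g. exported from an asset database."""
    return [triage(p, v) for p, v in rows]


# Constructed sample inventory (no real hosts); versions chosen to exercise each branch.
SAMPLE_INVENTORY = [
    ("PRA", "24.3.1"),    # last affected build, patchable
    ("RS", "23.2.2"),     # affected, patchable
    ("RS", "22.1"),       # lower bound of the patchable range
    ("PRA", "21.2.3"),    # too old for the patch: upgrade first
    ("PRA", "24.3.2"),    # newer than the range this summary covers
    ("OtherProduct", "1.0"),  # hypothetical non-PRA/RS entry, out of scope
]

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE_INVENTORY):
        print(f"{row['product']:<13} {row['version']:<8} {row['status']:<26} {row['action']}")
```

Feed it the (product, version) pairs from your own inventory; anything reported as affected-upgrade-required cannot be fixed by the patch alone and needs the upgrade step first, which is the case most easily missed when a team only searches for the patch name.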
“On-premise customers of RS/PRA should apply the patch if their instance is not subscribed to automatic updates,” the advisory urges. Organizations that delay patching may leave critical systems exposed to exploitation.