BeyondTrust: command injection (CVE-2024-12356) #shorts

CVE

This CVE is a critical command injection vulnerability in BeyondTrust's Remote Support and Privileged Remote Access products. Identified five months ago, it affects versions up to and including 24.3.1 and has notably impacted organizations like the Treasury Department. The vulnerability allows an unauthenticated attacker to inject commands that run in the context of a site user. The specific tools used in these attacks are not detailed, but all users of the affected versions should be aware of the potential for unauthorized command execution, which can lead to severe consequences if exploited.

Watch the full video on YouTube: CVE-2024-12356

CVE database technical details

CVE ID: CVE-2024-12356
Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
Provider: BT
CWE / problem types: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Affected Software Versions:
- BeyondTrust Remote Support: version 0 through 24.3.1 inclusive (status: affected, versionType: custom)
- BeyondTrust Privileged Remote Access: version 0 through 24.3.1 inclusive (status: affected, versionType: custom)
Date Published: 2024-12-17T04:29:07.883Z
Last Updated: 2025-02-17T20:34:17.077Z