Another BeyondTrust Security Issue Lands on CISA’s Exploited List

Penka Hristovska, Senior Editor
Published on: January 16, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it has added a serious security flaw, a command injection vulnerability, in BeyondTrust’s Remote Support (RS) and Privileged Remote Access (PRA) products to its catalog of vulnerabilities known to be exploited.

A command injection vulnerability lets an attacker smuggle operating-system commands into input the application passes to a shell, so the attacker’s commands run with whatever privileges the application itself has, potentially giving them control of the host. CISA’s Known Exploited Vulnerabilities (KEV) catalog is the list it uses to alert organizations to flaws with evidence of active exploitation in the wild.

BeyondTrust resolved the issue by releasing a patch for supported versions of Remote Support (RS) and Privileged Remote Access (PRA), specifically for versions 22.1 and above.

The medium-severity flaw, identified as CVE-2024-12686, allows an attacker who already has administrative privileges in the product to inject commands that are then executed with the privileges of the site user, CISA explains.
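To make the mechanism concrete, here is an added, generic illustration of a command injection bug beside its hardened form. It is not BeyondTrust’s code and says nothing about how CVE-2024-12686 is actually triggered; the function names, the `hostname` parameter and the `example.com; id` payload are assumptions for the example. It assumes a POSIX shell (/bin/sh) and an `id` binary, so the injected command visibly reports whose privileges it ran with, which is the point the advisory makes about commands running as the site user.

```python
import re
import subprocess

# Illustrative names only; nothing here is BeyondTrust code. Assumes a POSIX
# shell and an `id` binary so the injected command prints the account it ran as.

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def run_vulnerable(hostname: str) -> str:
    """Builds a shell command string from untrusted input.

    shell=True hands the string to /bin/sh, so a metacharacter such as ';'
    ends the intended command and starts whatever the attacker appended.
    The second command runs as the account the service runs under.
    """
    cmd = f"echo resolving {hostname}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv_only(hostname: str) -> str:
    """Passes the input as one argv element: no shell ever parses it.

    Metacharacters survive as literal text, so the attacker cannot start a
    second command. Combine with input validation (run_hardened) in practice.
    """
    return subprocess.run(["echo", "resolving", hostname],
                          capture_output=True, text=True).stdout


def is_safe_hostname(hostname: str) -> bool:
    """Allowlist check: only characters a DNS hostname can contain."""
    return bool(HOSTNAME_RE.fullmatch(hostname))


def run_hardened(hostname: str) -> str:
    """Allowlist-validate first, then execute without a shell."""
    if not is_safe_hostname(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return run_argv_only(hostname)


if __name__ == "__main__":
    payload = "example.com; id"  # constructed attacker input
    print("vulnerable:", run_vulnerable(payload).strip().splitlines())
    print("argv only :", run_argv_only(payload).strip())
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened  :", exc)
```

The vulnerable path prints the `id` line of the service account after the expected output; the argv-only path echoes `example.com; id` back as plain text; the hardened path rejects the input before anything executes.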

“CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice,” CISA noted in its latest alert.
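The practical way to act on that guidance is to consume the KEV feed programmatically and rank catalog entries for the vendors you run by their remediation due date. The following added example (not from CISA or BeyondTrust) does that over a constructed sample in the shape of CISA’s KEV JSON feed: the field names match the published schema, but the records, and the `dueDate` values in particular, are illustrative and the third record uses a placeholder CVE ID; check the live feed before acting on any date.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names follow the published schema; record contents are illustrative,
# including the dueDate values and the placeholder third entry.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.01.13",
    "count": 3,
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-12356",
            "vendorProject": "BeyondTrust",
            "product": "Privileged Remote Access (PRA) and Remote Support (RS)",
            "vulnerabilityName": "BeyondTrust PRA and RS Command Injection Vulnerability",
            "dateAdded": "2024-12-19",
            "shortDescription": "Command injection leading to OS command execution as the site user.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
            "dueDate": "2024-12-27",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2024-12686",
            "vendorProject": "BeyondTrust",
            "product": "Privileged Remote Access (PRA) and Remote Support (RS)",
            "vulnerabilityName": "BeyondTrust PRA and RS OS Command Injection Vulnerability",
            "dateAdded": "2025-01-13",
            "shortDescription": "Authenticated administrator can inject commands that run as the site user.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
            "dueDate": "2025-02-03",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-00000",  # placeholder, not a real identifier
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Placeholder entry for a vendor not in scope",
            "dateAdded": "2025-01-13",
            "shortDescription": "Placeholder.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-02-03",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})


def load_kev(text: str) -> list[dict]:
    """Parse the feed and return the list of catalog records."""
    return json.loads(text)["vulnerabilities"]


def entries_for_vendor(entries: list[dict], vendor: str) -> list[dict]:
    """Case-insensitive substring match on vendorProject."""
    needle = vendor.casefold()
    return [e for e in entries if needle in e["vendorProject"].casefold()]


def days_until_due(entry: dict, today: date) -> int:
    """Days remaining before the KEV due date; negative means overdue."""
    return (date.fromisoformat(entry["dueDate"]) - today).days


def triage(entries: list[dict], today: date) -> list[tuple[str, int]]:
    """(cveID, days) pairs, most urgent first."""
    return sorted(((e["cveID"], days_until_due(e, today)) for e in entries),
                  key=lambda pair: pair[1])


if __name__ == "__main__":
    # In production, fetch the feed URL above instead of SAMPLE_KEV.
    mine = entries_for_vendor(load_kev(SAMPLE_KEV), "BeyondTrust")
    for cve, days in triage(mine, date(2025, 1, 16)):
        state = f"overdue by {-days} days" if days < 0 else f"due in {days} days"
        print(cve, state)
```

Run on the sample with a reference date of January 16, 2025, the earlier CVE shows as overdue and the newer one as still inside its window; swapping `SAMPLE_KEV` for the downloaded feed gives the same ranking for real entries.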

The vulnerability carries a Common Vulnerability Scoring System (CVSS) score of 6.6, a medium rating. The score is moderate because exploitation requires an attacker who already holds administrative privileges in the product, not because the impact is small: once that precondition is met, the result is command execution as the site user, which is why the issue still warrants prompt patching.

This CVE marks the second vulnerability disclosed by BeyondTrust during its investigation into a series of attacks in December. In those incidents, attackers exploited a compromised Remote Support SaaS API key to reset the passwords of multiple accounts.

The attacks affected a limited number of BeyondTrust’s Remote Support SaaS customers, and they highlight the risk posed by an exposed API key and the need to protect, scope and rotate such keys.

The first vulnerability was made public in December, when CISA added CVE-2024-12356 to its KEV catalog. BeyondTrust identified this critical command injection flaw, rated 9.8 on the CVSS scale, which, unlike CVE-2024-12686, can be exploited by an unauthenticated remote attacker.

It remains unclear how the medium-severity CVE-2024-12686 is being used in attacks, whether it is exploited independently or combined with the critical CVE-2024-12356 vulnerability.


About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.
