Known Exploited Vulnerability
9.8
CRITICAL CVSS 3.1
CVE-2024-12356
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability - [Actively Exploited]
Description

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

INFO

Published Date :

Dec. 17, 2024, 5:15 a.m.

Last Modified :

Feb. 17, 2025, 9:15 p.m.

Remotely Exploit :

Yes !

Source :

13061848-ea10-403d-bd75-c83a022c2891
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356

Affected Products

The following products are affected by CVE-2024-12356 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Beyondtrust remote_support
2 Beyondtrust privileged_remote_access
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 13061848-ea10-403d-bd75-c83a022c2891
CVSS 3.1 CRITICAL [email protected]
Solution
A command injection vulnerability exists in BeyondTrust PRA and RS.
  • Upgrade BeyondTrust Privileged Remote Access (PRA) to a non-vulnerable version.
  • Upgrade BeyondTrust Remote Support (RS) to a non-vulnerable version.
Public PoC/Exploit Available at Github

CVE-2024-12356 has a 3 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-12356.

URL Resource
https://nvd.nist.gov/vuln/detail/CVE-2024-12356 Third Party Advisory US Government Resource
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2024-12356 Third Party Advisory US Government Resource
https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-12356 is associated with the following CWEs:

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

CVE-2024-12356: Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Updated: 8 months, 1 week ago
2 stars 0 fork 0 watcher
Born at : Dec. 17, 2024, 3:01 p.m. This repo has been linked 1 different CVEs too.

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.

Python

Updated: 3 days, 11 hours ago
2 stars 1 fork 1 watcher
Born at : Oct. 29, 2024, 10:19 a.m. This repo has been linked 201 different CVEs too.

EPSS & VEDAS Score Aggregator for CVEs

cve vulnerability exploit epss vedas exploit-maturity

Updated: 1 day, 12 hours ago
250 stars 35 fork 35 watcher
Born at : April 13, 2021, 4:50 a.m. This repo has been linked 150 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-12356 vulnerability anywhere in the article.

  • Daily CyberSecurity
BeyondTrust Privilege Management for Windows: Two High-Severity Flaws Allow Local Privilege Escalation

BeyondTrust, a global leader in intelligent identity and access security, has issued two advisories addressing two local privilege escalation vulnerabilities in its Privilege Management for Windows pr ... Read more

Published Date: Jul 30, 2025 (3 weeks, 5 days ago)
  • BleepingComputer
BeyondTrust warns of pre-auth RCE in Remote Support software

BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code ex ... Read more

Published Date: Jun 18, 2025 (2 months ago)
  • Daily CyberSecurity
BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass

A significant security vulnerability has been identified in BeyondTrust’s Privileged Remote Access (PRA) solution, posing a risk to organizations relying on this technology for managing privileged ses ... Read more

Published Date: May 05, 2025 (3 months, 2 weeks ago)
  • Cybersecurity News
HPE Insight RS Flaw: CVE-2024-53676 PoC Exploit Published, RCE Risk Looms

Security researcher Robin has published technical details and a proof-of-concept (PoC) exploit for CVE-2024-53676, a critical vulnerability in Hewlett Packard Enterprise Insight Remote Support (Insigh ... Read more

Published Date: Mar 05, 2025 (5 months, 2 weeks ago)
  • Cybersecurity News
BeyondTrust Privilege Management for Windows Vulnerability Allows Local Privilege Escalation

BeyondTrust, a leading provider of privileged access management solutions, has issued a security advisory addressing a critical vulnerability in its Privilege Management for Windows software. The vuln ... Read more

Published Date: Mar 01, 2025 (5 months, 3 weeks ago)
  • The Hacker News
BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. Th ... Read more

Published Date: Feb 01, 2025 (6 months, 3 weeks ago)
  • The Hacker News
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

Vulnerability / Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Su ... Read more

Published Date: Jan 14, 2025 (7 months, 1 week ago)
  • Cybersecurity News
CISA Warns of Active Exploitation of Critical Flaws in BeyondTrust and Qlik Sense

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical security vulnerabilities being actively exploited by malicious actors. These flaws, impactin ... Read more

Published Date: Jan 14, 2025 (7 months, 1 week ago)
  • BleepingComputer
CISA orders agencies to patch BeyondTrust bug exploited in attacks

​CISA has tagged a command injection vulnerability (CVE-2024-12686) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks. As mandated by the Binding ... Read more

Published Date: Jan 13, 2025 (7 months, 1 week ago)
  • Help Net Security
CISA says Treasury was the only US agency breached via BeyondTrust

The US Cybersecurity and Infrastructure Security Agency (CISA) has shared on Monday that the Treasury Department was the only US federal agency affected by the recent cybersecurity incident involving ... Read more

Published Date: Jan 07, 2025 (7 months, 2 weeks ago)
  • The Hacker News
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The ag ... Read more

Published Date: Jan 07, 2025 (7 months, 2 weeks ago)
  • Dark Reading
Thousands of Buggy BeyondTrust Systems Remain Exposed

Source: artpartner-images.com via Alamy Stock PhotoA remarkable number of BeyondTrust instances remain connected to the Internet, despite dire warnings Chinese state-sponsored threat actors are active ... Read more

Published Date: Jan 03, 2025 (7 months, 3 weeks ago)
  • The Hacker News
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

Vulnerability / Incident Response The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers ... Read more

Published Date: Dec 31, 2024 (7 months, 3 weeks ago)
  • BleepingComputer
US Treasury Department breached through remote support platform

Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. In a letter sent to lawmakers and seen by the New York T ... Read more

Published Date: Dec 30, 2024 (7 months, 3 weeks ago)
  • Cybersecurity News
PoC Exploit Released for CVE-2024-30085: Windows Elevation of Privilege Vulnerability

Security researcher Alex Birnberg with SSD Secure Disclosure published the technical details and a proof-of-concept (PoC) exploit code for CVE-2024-30085 – a Windows Cloud Files Mini Filter Driver Ele ... Read more

Published Date: Dec 24, 2024 (8 months ago)
  • Cybersecurity News
CVE-2024-56334: Command Injection Flaw Exposes Millions of Node.js Systems to Attack

A severe command injection vulnerability (CVE-2024-56334) has been identified in the widely used Node.js system information package, which has over 8 million monthly downloads and a staggering 330 mil ... Read more

Published Date: Dec 24, 2024 (8 months ago)
  • Cybersecurity News
WikiKit Phishing Kit Targets Major Industries with Evasive Techniques

TRAC Labs recently unveiled a new phishing kit, named WikiKit, which is targeting industries across automotive, manufacturing, medical, and more. This sophisticated attack employs unique techniques to ... Read more

Published Date: Dec 24, 2024 (8 months ago)
  • The Register
UK ICO not happy with Google's plans to allow device fingerprinting

in brief Google has announced plans to allow its business customers to begin "fingerprinting" users next year, and the UK Information Commissioner's Office (ICO) isn't happy about it. Fingerprinting i ... Read more

Published Date: Dec 23, 2024 (8 months ago)
  • TheCyberThrone
BeyondTrust SaaS Breach  Comprehensive Breakdown

Incident DiscoveryOn December 2, 2024, BeyondTrust identified a significant security breach during a forensics investigation. This discovery set off a series of urgent actions to mitigate the impact a ... Read more

Published Date: Dec 23, 2024 (8 months ago)
  • Help Net Security
Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MUT-1244 targeting security researchers, red teamers, and threat actors A threat actor tracked as MUT- ... Read more

Published Date: Dec 22, 2024 (8 months ago)

The following table lists the changes that have been made to the CVE-2024-12356 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Mar. 10, 2025

    Action Type Old Value New Value
    Added Reference Type CVE: https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis Types: Exploit, Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Feb. 17, 2025

    Action Type Old Value New Value
    Added Reference https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis
  • Initial Analysis by [email protected]

    Dec. 20, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE NIST CWE-77
    Added CPE Configuration OR *cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:* versions up to (including) 24.3.1 *cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:* versions up to (including) 24.3.1
    Changed Reference Type https://nvd.nist.gov/vuln/detail/CVE-2024-12356 No Types Assigned https://nvd.nist.gov/vuln/detail/CVE-2024-12356 Third Party Advisory, US Government Resource
    Changed Reference Type https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 No Types Assigned https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 Vendor Advisory
    Changed Reference Type https://www.cve.org/CVERecord?id=CVE-2024-12356 No Types Assigned https://www.cve.org/CVERecord?id=CVE-2024-12356 Third Party Advisory, US Government Resource
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Dec. 20, 2024

    Action Type Old Value New Value
    Added Date Added 2024-12-19
    Added Due Date 2024-12-27
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
  • New CVE Received by 13061848-ea10-403d-bd75-c83a022c2891

    Dec. 17, 2024

    Action Type Old Value New Value
    Added Description A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-77
    Added Reference https://nvd.nist.gov/vuln/detail/CVE-2024-12356
    Added Reference https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
    Added Reference https://www.cve.org/CVERecord?id=CVE-2024-12356
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact