CVE-2024-12356
BeyondTrust Privileged Remote Access (PRA) and Rem - [Actively Exploited]
Description
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
INFO
Published Date :
Dec. 17, 2024, 5:15 a.m.
Last Modified :
Dec. 20, 2024, 2 a.m.
Source :
13061848-ea10-403d-bd75-c83a022c2891
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356
Public PoC/Exploit Available at Github
CVE-2024-12356 has a 1 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
Affected Products
The following products are affected by CVE-2024-12356
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-12356.
| URL | Resource |
|---|---|
| https://nvd.nist.gov/vuln/detail/CVE-2024-12356 | |
| https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 | |
| https://www.cve.org/CVERecord?id=CVE-2024-12356 |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
CVE-2024-12356: Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-12356 vulnerability anywhere in the article.
-
The Hacker News
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the ... Read more
-
TheCyberThrone
CISA adds BeyondTrust CVE-2024-12356 to its KEV Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2024-12356: Command Injection Vulnerability in BeyondTrust PRA and RSO ... Read more
-
BleepingComputer
BeyondTrust says hackers breached Remote Support SaaS instances
Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances. BeyondTrust is a cybersecurity company ... Read more
-
Help Net Security
Cleo patches zero-day exploited by ransomware gang
Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, VLTrader, and LexiCom instances. ... Read more
-
Help Net Security
Microsoft enforces defenses preventing NTLM relay attacks
Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets disabled by ... Read more
-
Help Net Security
Microsoft fixes exploited zero-day (CVE-2024-49138)
On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code ... Read more
-
Help Net Security
Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)
Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on ... Read more
-
Help Net Security
Update your OpenWrt router! Security issue made supply chain attack possible
A security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development of the popular Linux distr ... Read more
-
Help Net Security
Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) Veeam has fixed ... Read more
-
Help Net Security
December 2024 Patch Tuesday forecast: The secure future initiative impact
December 2024 Patch Tuesday is now live: Microsoft fixes exploited zero-day (CVE-2024-49138) It seems like 2024 just started, but the final Patch Tuesday of the year is almost here! In retrospect, it ... Read more
-
Help Net Security
Mitel MiCollab zero-day and PoC exploit unveiled
A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed ... Read more
-
Help Net Security
How widespread is mercenary spyware? More than you think
A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this ... Read more
-
Help Net Security
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for ... Read more
-
Help Net Security
Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)
Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerab ... Read more
The following table lists the changes that have been made to the
CVE-2024-12356 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Dec. 20, 2024
Action Type Old Value New Value Added Date Added 2024-12-19 Added Due Date 2024-12-27 Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability -
New CVE Received by 13061848-ea10-403d-bd75-c83a022c2891
Dec. 17, 2024
Action Type Old Value New Value Added Description A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-77 Added Reference https://nvd.nist.gov/vuln/detail/CVE-2024-12356 Added Reference https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 Added Reference https://www.cve.org/CVERecord?id=CVE-2024-12356
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-12356 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-12356
weaknesses.