BeyondTrust has identified a critical security vulnerability (CVE-2024-12356) affecting its Privileged Remote Access (PRA) and Remote Support (RS) solutions. The flaw, which received a severe CVSS score of 9.8, enables unauthorized attackers to execute arbitrary commands through command injection.
The vulnerability impacts:
– Privileged Remote Access (version 24.3.1 and earlier)
– Remote Support (version 24.3.1 and earlier)
Security Impact:
– Allows unauthenticated attackers to inject and run commands as site users
– Potential system compromise through malicious client requests
– Affects both cloud and on-premises deployments
Remediation Steps:
– Cloud instances: Patch automatically applied on December 16, 2024
– On-premises users: Must install patches BT24-10-ONPREM1 or BT24-10-ONPREM2
– Systems running versions older than 22.1 require a full upgrade
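The remediation rules above turn into a small triage decision for an asset inventory: is the appliance version 24.3.1 or earlier, is it cloud or on-premises, and if on-premises, is it at least 22.1 (patchable) or older (full upgrade). The script below is an added example, not BeyondTrust tooling, that applies exactly those thresholds to a constructed inventory; host names, the `Host` record layout and the version strings are assumptions for illustration. It pads version tuples so that `22.1` and `22.1.0` compare equal and `24.3.10` sorts above `24.3.1`, which naive string comparison gets wrong.

```python
"""Triage helper for CVE-2024-12356 (BeyondTrust PRA / RS).

Added example, not BeyondTrust's own tooling. Classifies appliance
versions against the thresholds stated in the advisory:
  - 24.3.1 and earlier: affected
  - cloud instances: vendor patch applied automatically on 2024-12-16
  - on-premises, 22.1 or newer: apply BT24-10-ONPREM1 or BT24-10-ONPREM2
  - on-premises, older than 22.1: full upgrade required
All host records below are constructed sample data.
"""
from __future__ import annotations

import re
from typing import NamedTuple

LAST_AFFECTED = (24, 3, 1)   # advisory: 24.3.1 and earlier are affected
MIN_PATCHABLE = (22, 1)      # advisory: older than 22.1 needs a full upgrade
ONPREM_PATCHES = ("BT24-10-ONPREM1", "BT24-10-ONPREM2")
CLOUD_PATCH_DATE = "2024-12-16"

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)\s*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '24.3.1' or 'v24.3' into a tuple of ints; reject anything else."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def version_le(a: tuple[int, ...], b: tuple[int, ...]) -> bool:
    """Numeric a <= b, zero-padding the shorter tuple so 22.1 == 22.1.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))


class Host(NamedTuple):
    name: str        # hypothetical inventory name
    product: str     # "PRA" or "RS"
    version: str     # appliance version as reported by the inventory
    deployment: str  # "cloud" or "on-prem"


def triage(host: Host) -> str:
    """Map one host to the advisory's remediation outcome."""
    v = parse_version(host.version)
    if not version_le(v, LAST_AFFECTED):
        return "not listed as affected (above 24.3.1)"
    if host.deployment == "cloud":
        return f"affected: verify vendor cloud patch applied {CLOUD_PATCH_DATE}"
    if not version_le(MIN_PATCHABLE, v):          # strictly older than 22.1
        return "affected: full upgrade required (older than 22.1)"
    return f"affected: apply {ONPREM_PATCHES[0]} or {ONPREM_PATCHES[1]}"


def triage_inventory(hosts: list[Host]) -> dict[str, str]:
    """Return {host name: remediation outcome} for a whole inventory."""
    return {h.name: triage(h) for h in hosts}


# Constructed sample inventory (not real systems).
SAMPLE_HOSTS = [
    Host("pra-dc1", "PRA", "24.3.1", "on-prem"),   # last affected release
    Host("rs-branch", "RS", "21.2", "on-prem"),    # too old to patch
    Host("rs-saas", "RS", "24.2", "cloud"),        # vendor-patched cloud tenant
    Host("pra-lab", "PRA", "24.3.10", "on-prem"),  # above 24.3.1 numerically
    Host("rs-edge", "RS", "22.1", "on-prem"),      # exactly the patch floor
]

if __name__ == "__main__":
    for name, outcome in triage_inventory(SAMPLE_HOSTS).items():
        print(f"{name:10} {outcome}")
```

Feed it the version column from your own asset inventory; anything that raises `ValueError` is a record worth checking by hand rather than silently skipping, since an unparseable version is often an appliance nobody is tracking.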
The vulnerability was discovered during an investigation of a December 2, 2024 security incident affecting select Remote Support SaaS customers. BeyondTrust has already revoked compromised API keys and provided affected customers with alternative Remote Support SaaS instances. The company continues to investigate the incident with assistance from a cybersecurity forensics firm.