CISA has identified a critical security vulnerability (CVE-2024-12356) affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. The flaw, rated CVSS 9.8 (critical), allows unauthorized attackers to execute arbitrary commands in the context of the site user.
Key Points:
– The vulnerability is actively being exploited in the wild
– Cloud instances have been automatically patched
– Self-hosted deployments are not patched automatically and must apply the following patches:
* PRA (24.3.1 and earlier): Apply patch BT24-10-ONPREM1 or BT24-10-ONPREM2
* RS (24.3.1 and earlier): Apply patch BT24-10-ONPREM1 or BT24-10-ONPREM2
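The patch guidance above only applies to self-hosted instances at version 24.3.1 or earlier that have not yet received patch BT24-10-ONPREM1 or BT24-10-ONPREM2. The following is an added example, not code from the advisory or from BeyondTrust, that turns that rule into an inventory check: it compares versions numerically (a plain string compare would rank "24.10.0" below "24.3.1") and flags any PRA or RS host in the affected range without one of the listed patches. The inventory records and hostnames are constructed for the example.

```python
"""Patch-applicability check for self-hosted BeyondTrust PRA/RS instances.

Added example. Assumes an inventory in which each host records its product,
its version string and the patch identifiers already applied. The sample
inventory below is constructed; the version ceiling and patch names come
from the advisory text.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

AFFECTED_MAX_VERSION = "24.3.1"                              # "24.3.1 and earlier"
REQUIRED_PATCHES = {"BT24-10-ONPREM1", "BT24-10-ONPREM2"}    # either one suffices
AFFECTED_PRODUCTS = {"PRA", "RS"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '24.3.1' into (24, 3, 1) so comparison is numeric, not lexical."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def _pad(t: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    """Right-pad with zeros so '24.3' and '24.3.1.0' compare sensibly."""
    return t + (0,) * (n - len(t))


def is_affected_version(version: str) -> bool:
    """True when the version is 24.3.1 or earlier (the advisory's range)."""
    v = parse_version(version)
    ceiling = parse_version(AFFECTED_MAX_VERSION)
    n = max(len(v), len(ceiling))
    return _pad(v, n) <= _pad(ceiling, n)


@dataclass(frozen=True)
class Instance:
    hostname: str
    product: str                      # "PRA" or "RS"; other products are ignored
    version: str
    applied_patches: FrozenSet[str]


def assess(inst: Instance) -> str:
    """Return 'not_applicable', 'patched' or 'PATCH_REQUIRED' for one host."""
    if inst.product not in AFFECTED_PRODUCTS:
        return "not_applicable"
    if not is_affected_version(inst.version):
        return "not_applicable"      # outside the range the advisory lists
    if inst.applied_patches & REQUIRED_PATCHES:
        return "patched"
    return "PATCH_REQUIRED"


def report(inventory: List[Instance]) -> Dict[str, str]:
    """Map each hostname to its assessment."""
    return {inst.hostname: assess(inst) for inst in inventory}


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    Instance("pra-01.example.test", "PRA", "24.3.1", frozenset()),
    Instance("rs-01.example.test", "RS", "24.2.0", frozenset({"BT24-10-ONPREM1"})),
    Instance("rs-02.example.test", "RS", "24.10.0", frozenset()),
    Instance("other-01.example.test", "PasswordSafe", "24.3.1", frozenset()),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:28} {status}")
```

Hosts reported as PATCH_REQUIRED are the ones the advisory's self-hosted guidance applies to; a version newer than 24.3.1 is only reported as outside the listed range, not as verified fixed.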
Additional Security Concerns:
– BeyondTrust recently suffered a cyber attack affecting Remote Support SaaS instances
– Attackers accessed an API key enabling password resets for local accounts
– A second vulnerability (CVE-2024-12686) was discovered, which requires administrative privileges to exploit
– New patches have been released for both PRA and RS to address these issues
While BeyondTrust has notified affected customers, the full extent of the attacks and the identity of the threat actors remain unknown. The company is working with cybersecurity experts to investigate the incident.