CVE-2024-12356

unknown KEV
Published 2024-12-19 · Modified 2024-12-19
CVSS v3
CVSS v2
VIR risk
1.5

Description

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.

CISA KEV

Vendor: BeyondTrust
Product: Privileged Remote Access (PRA) and Remote Support (RS)
Due date: 2024-12-27

Predictions

Exploit likelihood: 99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356

Exploits

References
