
BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe

A critical vulnerability in BeyondTrust Privileged Remote Access and Remote Support could lead to arbitrary command execution.


BeyondTrust has released patches for a critical-severity vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products that could be exploited to execute arbitrary commands. The flaw was discovered during an investigation into a security incident impacting some customers.

BeyondTrust’s PRA manages privileged user accounts and provides just-in-time secure access to enterprise environments, while RS enables authorized individuals to securely connect to remote systems and mobile devices.

Tracked as CVE-2024-12356 (CVSS score of 9.8), the security defect is described as an unauthenticated command injection bug that can be exploited using crafted client requests.

“Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user,” BeyondTrust notes in its advisory.

The issue impacts PRA and RS versions 24.3.1 and earlier. BeyondTrust has released a patch for all supported iterations of PRA and RS versions 22.1.x and higher and has applied the patch to cloud customers earlier this week.

“On-premise customers of RS/PRA should apply the patch if their instance is not subscribed to automatic updates in their /appliance interface. If customers are on a version older than 22.1, they will need to upgrade in order to apply this patch,” BeyondTrust explains.

According to the company, CVE-2024-12356 was identified during a forensic investigation into a recent security incident involving unauthorized access to a “limited number” of customers’ Remote Support SaaS instances.

“On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers,” the company explains.


No other BeyondTrust products were affected by the incident and the newly released patch for self-hosted instances is non-disruptive, causing no downtime, BeyondTrust says. Customers are advised to update their PRA and RS instances as soon as possible.

BeyondTrust has not clearly stated whether CVE-2024-12356 was exploited in attacks against its customers.

SecurityWeek has emailed the company for additional information and will update this article as soon as a reply arrives.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
