BeyondTrust has disclosed a severe security vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products that could allow attackers to execute unauthorized system commands.
The vulnerability, tracked as CVE-2024-12356 with a critical CVSS score of 9.8, affects all versions up to and including 24.3.1.
The command injection flaw enables unauthenticated attackers to run arbitrary operating system commands within the context of the site user through malicious client requests.
This poses significant risks to organizations using these products for remote IT management and privileged access control.
BeyondTrust’s PRA solution manages privileged accounts and credentials while providing zero-trust access to both on-premises and cloud resources.
The RS product enables IT service desk personnel to establish secure connections with remote systems and mobile devices.
Immediate Response And Patching
BeyondTrust has taken swift action to address the vulnerability. As of December 16, 2024, all cloud-based instances have received automatic patches.
For on-premise deployments, the company has released patches BT24-10-ONPREM1 and BT24-10-ONPREM2, available for versions 22.1.x and higher.
The vulnerability discovery stems from an ongoing forensics investigation initiated after a security incident on December 2, 2024.
This incident affected a limited number of Remote Support SaaS customers and involved a compromised API key.
BeyondTrust immediately revoked the compromised key and provided affected customers with alternative Remote Support SaaS instances.
Organizations running these products should check their deployment type and act accordingly; on-premise deployments in particular require immediate action:
- Cloud customers: No action is required as patches have been automatically applied
- On-premise customers: Must manually apply the appropriate patch through the appliance interface
- Users running versions older than 22.1: Must upgrade to a supported version before applying the security patch
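The remediation rules above can be turned into an inventory triage check. This is an added example, not code from BeyondTrust or from this article; the inventory entries and the "cloud"/"on-prem" deployment labels are constructed assumptions, and only the version boundaries stated above (affected up to and including 24.3.1, patches for 22.1.x and higher) are taken from the advisory.

```python
# Triage a list of PRA/RS instances against the CVE-2024-12356 remediation rules.
# Version boundaries are taken from the advisory text; everything else is assumed.

AFFECTED_MAX = (24, 3, 1)   # all versions up to and including 24.3.1 are affected
PATCH_MIN = (22, 1, 0)      # BT24-10-ONPREM1 / BT24-10-ONPREM2 apply to 22.1.x and higher


def parse_version(text):
    """Turn '24.3.1', '22.1' or '21' into a zero-padded (major, minor, patch) tuple.

    Raises ValueError for anything that is not 1 to 3 dot-separated integers,
    so a malformed inventory entry is surfaced instead of silently mis-triaged.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def triage(deployment, version):
    """Return the remediation step for one instance (deployment: 'cloud' or 'on-prem')."""
    if deployment == "cloud":
        return "no action: cloud instances were patched automatically"
    v = parse_version(version)
    if v > AFFECTED_MAX:
        return "not affected"
    if v < PATCH_MIN:
        return "upgrade to a supported version (22.1 or later), then apply the patch"
    return "apply BT24-10-ONPREM1 / BT24-10-ONPREM2 via the appliance interface"


# Constructed sample inventory (hostname, deployment type, reported version).
INVENTORY = [
    ("pra-cloud-eu", "cloud", "24.3.1"),
    ("rs-appliance-01", "on-prem", "24.3.1"),
    ("rs-appliance-02", "on-prem", "21.2.3"),
    ("pra-appliance-03", "on-prem", "22.1"),
]


def triage_inventory(inventory):
    """Map every (host, deployment, version) entry to its required action."""
    return [(host, triage(dep, ver)) for host, dep, ver in inventory]


if __name__ == "__main__":
    for host, action in triage_inventory(INVENTORY):
        print(f"{host:18} {action}")
```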
BeyondTrust continues to work with a cybersecurity and forensics firm to determine the full scope and impact of the initial compromise.
The company emphasizes the importance of prompt patching to prevent potential exploitation of this critical vulnerability.