BeyondTrust, a leading provider of privileged access management solutions, has announced the release of an urgent patch addressing a critical vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products.
The flaw, which has a CVSSv3 score of 9.8, poses a severe risk to organizations using these tools.
Command Injection Vulnerability Identified
The vulnerability stems from improper neutralization of special elements used in commands, allowing unauthenticated attackers to execute arbitrary operating system commands within the context of the site user.
Exploitation requires no privileges or user interaction, making it particularly dangerous. BeyondTrust confirmed that all versions of PRA and RS up to and including version 24.3.1 are affected.
The issue was uncovered during an investigation into a security incident involving Remote Support SaaS customers earlier in December 2024.
BeyondTrust promptly revoked compromised API keys and mitigated risks for impacted customers while simultaneously identifying this broader vulnerability.
Patch Deployment and Mitigation Measures
BeyondTrust has acted swiftly to address the issue:
- Cloud Instances: A patch was applied to all PRA and RS cloud customers as of December 16, 2024.
- On-Premise Customers: Organizations using on-premise deployments are urged to apply the patch manually if their systems are not subscribed to automatic updates.
- Customers running versions older than 22.1 must upgrade before applying the fix.
The patches—designated as BT24-10-ONPREM1 or BT24-10-ONPREM2—are tailored to specific versions of PRA and RS.
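As an added example (not BeyondTrust's code), the following script turns the advisory's thresholds into an inventory triage: which instances are vendor-patched, which can take the patch directly, and which must first be upgraded to 22.1 or later. Hostnames and versions in the sample inventory are constructed, and treating a version above 24.3.1 as outside the affected range is an assumption to confirm with the vendor.

```python
"""Triage a PRA / RS inventory for CVE-2024-12356 using the advisory's
thresholds: every version up to and including 24.3.1 is affected, cloud
tenants were vendor-patched on 2024-12-16, and on-premise systems older
than 22.1 must be upgraded before the BT24-10-ONPREM patch applies."""
from typing import Dict, List, Tuple

LAST_AFFECTED = (24, 3, 1)  # "up to and including version 24.3.1"
MIN_PATCHABLE = (22, 1)     # "older than 22.1 must upgrade" first

def parse_version(text: str) -> Tuple[int, ...]:
    """'24.3.1' -> (24, 3, 1); numeric parts, so 24.10 sorts after 24.3."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not parts:
        raise ValueError(f"bad version string: {text!r}")
    return parts

def compare(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """-1, 0 or 1; pads with zeros so that 24.3 == 24.3.0."""
    n = max(len(a), len(b))
    a_p, b_p = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a_p > b_p) - (a_p < b_p)

def triage(version: str, deployment: str) -> str:
    """Action for one instance; deployment is 'cloud' or 'onprem'."""
    if deployment == "cloud":
        return "vendor-patched"      # patched by BeyondTrust as of 2024-12-16
    v = parse_version(version)
    if compare(v, LAST_AFFECTED) > 0:
        return "not-listed-affected" # outside the advisory's range; confirm with vendor (assumption)
    if compare(v, MIN_PATCHABLE) < 0:
        return "upgrade-then-patch"  # must reach 22.1 or later before the fix
    return "apply-patch"             # BT24-10-ONPREM1 / ONPREM2 applies directly

def triage_inventory(inventory: List[Dict[str, str]]) -> Dict[str, str]:
    """Map host -> action for records with 'host', 'version', 'deployment'."""
    return {i["host"]: triage(i["version"], i["deployment"]) for i in inventory}

# Constructed sample inventory: hostnames and versions invented for illustration.
SAMPLE_INVENTORY = [
    {"host": "pra-dc1", "version": "24.3.1", "deployment": "onprem"},
    {"host": "rs-legacy", "version": "21.2", "deployment": "onprem"},
    {"host": "rs-saas", "version": "24.3.1", "deployment": "cloud"},
]

for host, action in triage_inventory(SAMPLE_INVENTORY).items():
    print(f"{host}: {action}")
```

Because the advisory's patches are applied on top of an existing release, a version string alone does not prove the fix is present; an "apply-patch" result should be closed out against the appliance's own patch status, not its version number.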
Implications for Organizations
The critical nature of this vulnerability highlights the importance of timely patch management.
Exploitation could result in unauthorized access to sensitive systems, data breaches, or disruption of services.
BeyondTrust has emphasized that no alternative mitigations or workarounds are available, making the application of these patches essential.
Organizations relying on BeyondTrust’s PRA and RS solutions should prioritize testing and deploying the updates immediately to safeguard their systems against potential exploitation.
This incident underscores the evolving threat landscape facing remote access and support solutions.
BeyondTrust’s rapid response demonstrates its commitment to security, but it also serves as a reminder for organizations to maintain robust cybersecurity practices, including regular updates and monitoring for vulnerabilities in critical software.