BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access

Summary

A critical vulnerability in BeyondTrust remote access tools could lead to code injection


Threat details

Exploitation of CVE-2024-12356 & CVE-2024-12686

CISA has reported exploitation of CVE-2024-12356 & CVE-2024-12686 in the wild. NHS England National CSOC urges organisations to apply relevant security updates to affected versions of BeyondTrust as soon as practicable.


Introduction

BeyondTrust has released security advisories that address vulnerabilities in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments.

The first advisory covered the 'command injection' vulnerability CVE-2024-12356, which has a CVSSv3 score of 9.8. If exploited, an unauthenticated attacker could inject commands into the site in the context of a site user.

The second advisory addresses a medium-severity 'command injection' vulnerability, CVE-2024-12686, which was remediated in the same updates. CVE-2024-12686 has a CVSSv3 score of 6.6 and, if exploited, could allow an attacker with existing administrative privileges to inject commands in the context of a site user.


Threat updates

Date          Update
15 Jan 2025   CVE-2024-12686 and corresponding advisory BT24-11 added to alert.
20 Dec 2024   CISA has reported exploitation of CVE-2024-12356 in the wild.

Remediation advice

Affected organisations are encouraged to review BeyondTrust Security Advisories BT24-10 and BT24-11, and apply the relevant updates.



Last edited: 15 January 2025 2:08 pm