CVE-2024-12686
6.6MEDIUMA vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site u
Published: 12/18/2024Updated: 10/24/2025
CISA Known Exploited Vulnerability
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.
Required Action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date:
2025-02-03
Description
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
AI AnalysisPowered by AI
Affected Products
beyondtrustprivileged_remote_access
beyondtrustremote_support
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-12686Third Party AdvisoryUS Government Resource
- https://www.beyondtrust.com/trust-center/security-advisories/bt24-11Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686US Government Resource