CVE-2024-12686
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
13.8%
p96
KEV
YES
Jan 13, 2025
Exploit Today
79
0-100
Published: — · Last modified: —
Product
BeyondTrust / Privileged Remote Access (PRA) and Remote Support (RS)
Vulnerability
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
Added to KEV
Jan 13, 2025
Remediate by
Feb 3, 2025
Known ransomware use
No
Summary description
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.beyondtrust.com/trust-center/security-advisories/bt24-11 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12686
No related CVEs by CWE or product.