CVE-2024-12686
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
13.8%
p96
KEV
SÍ
13 ene 2025
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
BeyondTrust / Privileged Remote Access (PRA) and Remote Support (RS)
Vulnerabilidad
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
Añadido a KEV
13 ene 2025
Remediar antes de
3 feb 2025
Uso conocido en ransomware
No
Descripción resumida
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://www.beyondtrust.com/trust-center/security-advisories/bt24-11 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12686
Sin CVEs relacionados por CWE o producto.