#VU102580 OS Command Injection in Remote Support and Privileged Remote Access (PRA) - CVE-2024-12686

Cybersecurity Help s.r.o.

Published: 2025-01-14 | Updated: 2025-02-15

Vulnerability identifier: #VU102580

Vulnerability risk: High

CVSSv4.0: 7.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-12686

CWE-ID: CWE-78

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Remote Support
Client/Desktop applications / Software for system administration
Privileged Remote Access (PRA)
Client/Desktop applications / Software for system administration

Vendor: BeyondTrust

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote privileged user can upload a specially crafted file on the system and execute arbitrary code as a site user.

Note, the vulnerability is being exploited in the wild.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Remote Support: 9.0.0 - 24.3.1

Privileged Remote Access (PRA) : 15.1.1 - 24.3.1

External links
https://www.beyondtrust.com/trust-center/security-advisories/bt24-11

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

OS command injection in BeyondTrust Privileged Remote Access and Remote Support software