Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 3, 2025

High
CISA KEV

CVE-2024-12686

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.

Required Action

https://www.beyondtrust.com/trust-center/security-advisories/bt24-11 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12686

Vulnerability Overview

Severity: High
CISA KEV: Yes
Ransomware: Unknown
Published: Jan 13, 2025
KEV Added: Jan 13, 2025
Due Date: Feb 3, 2025

Vendor

BeyondTrust

Privileged Remote Access (PRA) and Remote Support (RS)