CVE-2024-12686 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability

Exploit added

January 13, 2025

Action due

February 3, 2025

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-78	Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Known Affected Software Configurations

cpe:2.3:a:beyondtrust:privileged_remote_access:22.2.1:::::::*
cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.1:::::::*
cpe:2.3:a:beyondtrust:privileged_remote_access:22.2.2:::::::*
cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.2:::::::*
cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:23.2.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:23.2.1:::::::*
cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.1:::::::*
cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:19.1.8:::::::*
cpe:2.3:a:beyondtrust:remote_support:19.1.7:::::::*
cpe:2.3:a:beyondtrust:remote_support:19.1.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:19.1.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:19.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:19.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.11:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.9:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.8:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.7:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.6:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.2.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.1.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.1.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:18.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:17.1.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:17.1.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:17.1.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:17.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:17.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.2.9:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.2.8:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.2.7:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.2.6:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.2.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.2.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.2.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.2.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.1.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.1.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.1.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:16.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:15.2.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:15.2.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:15.2.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:15.1.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:15.1.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:15.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:15.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.3.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.3.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.3.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.2.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.2.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.2.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.1.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.1.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:14.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:13.1.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:13.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:13.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.3.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.3.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.3.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.3.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.2.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.2.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.2.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.1.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.1.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:12.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:11.1.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:11.1.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:11.1.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:11.1.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:11.1.0:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.6.6:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.6.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.6.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.6.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.6.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.6.0:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.5.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.5.4:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.5.3:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.5.2:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.5.1:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.5.0:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.4.11:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.4.9:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.4.8:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.4.6:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.4.5:::::::*
cpe:2.3:a:beyondtrust:remote_support:10.4.4:::::::*

Details

Source:
NVD

Published:
December 18, 2024

Updated:
January 14, 2025

Risk information

CVSS v3

Base score:
6.6

Severity:

MEDIUM

Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined