← Voltar para CVEs
CVE-2024-12356
CRITICALCISA KEV9.8
Descricao
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/17/2024
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorBeyondTrust
ProdutoPrivileged Remote Access (PRA) and Remote Support (RS)
Nome da vulnerabilidadeBeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
Data inclusao KEV2024-12-19
Prazo de remediacao2024-12-27
Uso em ransomwareUnknown
Produtos afetados
beyondtrust:privileged_remote_accessbeyondtrust:remote_support
Fraquezas (CWE)
CWE-77CWE-77
Referencias
https://nvd.nist.gov/vuln/detail/CVE-2024-12356(13061848-ea10-403d-bd75-c83a022c2891)
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10(13061848-ea10-403d-bd75-c83a022c2891)
https://www.cve.org/CVERecord?id=CVE-2024-12356(13061848-ea10-403d-bd75-c83a022c2891)
https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.