← Voltar para CVEs
CVE-2024-12686
MEDIUMCISA KEV6.6
Descricao
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
Detalhes CVE
Pontuacao CVSS v3.16.6
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado12/18/2024
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorBeyondTrust
ProdutoPrivileged Remote Access (PRA) and Remote Support (RS)
Nome da vulnerabilidadeBeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
Data inclusao KEV2025-01-13
Prazo de remediacao2025-02-03
Uso em ransomwareUnknown
Produtos afetados
beyondtrust:privileged_remote_accessbeyondtrust:remote_support
Fraquezas (CWE)
CWE-78CWE-78
Referencias
https://nvd.nist.gov/vuln/detail/CVE-2024-12686(13061848-ea10-403d-bd75-c83a022c2891)
https://www.beyondtrust.com/trust-center/security-advisories/bt24-11(13061848-ea10-403d-bd75-c83a022c2891)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.