Target Industry

Indiscriminate, opportunistic targeting.

Overview

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical BeyondTrust Remote Support and Privileged Remote Access vulnerability, CVE-2024-12356, to its Known Exploited Vulnerabilities (KEV) Catalogue. CVE-2024-12356 has been assigned a CVSS 3.1 score of 9.8, categorising it as a critical vulnerability. The vulnerability in BeyondTrust’s Remote Support and Privileged Remote Access products allows an unauthenticated attacker to inject commands which are run as a site user.

Impact

This vulnerability allows attackers to execute underlying Operating System commands, via a command injection vulnerability, using malicious client requests. Having a CVSS v3.1 base score of 9.8, this vulnerability is classified as critical.

Vulnerability Detection

BeyondTrust has released patches for Remote Support and Privileged Remote Access to address this vulnerability. Privileged Remote Access version 24.3.1 and earlier, and Remote Support version 24.3.1 and earlier are vulnerable.

Exploitation

The vulnerability is being actively exploited in the wild and has been added to the CISA Known Exploited Vulnerabilities (KEV) Catalogue.

Containment, Mitigations & Remediations

BeyondTrust applied a patch to all cloud users’ instances as of 16th December 2024 that remediates this vulnerability.

The patch was also pushed to on-premises users who are subscribed to automatic updates in their appliance interface. However, we recommend customers confirm this patch has been installed.

We strongly recommend all other on-premises users install the relevant patches as soon as possible as this vulnerability is under active exploitation.

For Privileged Remote Access, patch BT24-10-ONPREM1 or BT24-10-ONPREM2 should be implemented, dependent on the Privileged Remote Access version.

For Remote Support, patch BT24-10-ONPREM1 or BT24-10-ONPREM2 should be implemented, dependent on the Remote Support version.

Users on versions older than version 22.1 will need to update to a newer version to implement these patches.
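The guidance above can be applied across an asset inventory. The following is an added example, not code from BeyondTrust or from this advisory's authors; the CSV layout, host names, the `;` patch separator and the sample versions are constructed assumptions, while the version thresholds and patch names are the ones stated in this advisory.

```python
import csv
import io

AFFECTED_MAX = (24, 3, 1)   # advisory: 24.3.1 and earlier are vulnerable
PATCHABLE_MIN = (22, 1, 0)  # advisory: older than 22.1 must upgrade before patching
FIX_PATCHES = {"BT24-10-ONPREM1", "BT24-10-ONPREM2"}

# Constructed sample inventory; hosts, versions and column layout are assumptions.
SAMPLE_INVENTORY = """host,product,deployment,version,patches
rs-edge-01,Remote Support,on-prem,24.3.1,
pra-dc-02,Privileged Remote Access,on-prem,23.2.3,BT24-10-ONPREM1
rs-legacy-03,Remote Support,on-prem,21.3.2,
pra-cloud-04,Privileged Remote Access,cloud,24.3.1,
rs-lab-05,Remote Support,on-prem,24.3.2,
pra-bad-06,Privileged Remote Access,on-prem,unknown,
"""

def parse_version(text):
    """Return the version as a tuple of at least three ints, or None if unparseable."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 3 - len(nums))

def triage(row):
    """Classify one inventory row against the advisory's version and patch guidance."""
    version = parse_version(row["version"])
    if version is None:
        return "CHECK_MANUALLY"          # never assume an unreadable version is safe
    if version > AFFECTED_MAX:
        return "NOT_IN_AFFECTED_RANGE"
    if row["deployment"].strip().lower() == "cloud":
        return "CLOUD_VENDOR_PATCHED"    # vendor patched cloud instances 16 Dec 2024
    applied = {p.strip().upper() for p in (row["patches"] or "").split(";") if p.strip()}
    if applied & FIX_PATCHES:
        return "PATCHED"
    if version < PATCHABLE_MIN:
        return "UPGRADE_THEN_PATCH"
    return "PATCH_NOW"

def triage_inventory(csv_text):
    """Map each host in the CSV text to its triage status."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

A `PATCHED` result only reflects what the inventory records; the installed patch should still be confirmed in the appliance interface, as recommended above.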

Threat Landscape

BeyondTrust is a major provider of a range of products including remote access and access management solutions. Remote Support is a remote access solution allowing service desks to remotely connect to Windows, Linux, macOS, Chrome OS, iOS, and Android devices. Privileged Remote Access provides control, management, and auditing of privileged accounts and credentials to ensure zero-trust access to both on-premises and cloud resources for internal, external, and third-party users. BeyondTrust has customers in a range of industries including, but not limited to, government, healthcare, financial services, energy, technology, and education.

Further Insights from Quorum Cyber.

Headquarters

Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ

Colorado, USA Office

950 S Cherry St Ste 505
Denver, Colorado
USA
80246

Dubai, UAE Office

Meydan Grandstand
6th floor
Meydan Road
Nad AI Sheba
Dubai, U.A.E

Ontario, Canada Office

1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7

Arizona, USA Office

1300 S Litchfield Rd
110-L, Goodyear
USA
Arizona 85338
