cvelistv5 - cve-2024-12356

CVE-2024-12356 (GCVE-0-2024-12356)

Vulnerability from cvelistv5 – Published: 2024-12-17 04:29 – Updated: 2025-10-21 22:55

CISA

Summary

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

References

URL

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2024-12-19

Due date: 2024-12-27

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12356",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-19T18:04:49.357119Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-12-19",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:34.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-12-19T00:00:00+00:00",
            "value": "CVE-2024-12356 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-17T20:34:17.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Remote Support",
          "vendor": "BeyondTrust",
          "versions": [
            {
              "lessThanOrEqual": "24.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Privileged Remote Access",
          "vendor": "BeyondTrust",
          "versions": [
            {
              "lessThanOrEqual": "24.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-12-17T04:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-29T19:35:07.022Z",
        "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "shortName": "BT"
      },
      "references": [
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"
        },
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356"
        },
        {
          "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Command Injection Vulnerability in Remote Support(RS) \u0026 Privileged Remote Access (PRA)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
    "assignerShortName": "BT",
    "cveId": "CVE-2024-12356",
    "datePublished": "2024-12-17T04:29:07.883Z",
    "dateReserved": "2024-12-08T18:31:21.494Z",
    "dateUpdated": "2025-10-21T22:55:34.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-12356",
      "cwes": "[\"CWE-77\"]",
      "dateAdded": "2024-12-19",
      "dueDate": "2024-12-27",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356",
      "product": "Privileged Remote Access (PRA) and Remote Support (RS) ",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user. ",
      "vendorProject": "BeyondTrust",
      "vulnerabilityName": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability "
    },
    "fkie_nvd": {
      "cisaActionDue": "2024-12-27",
      "cisaExploitAdd": "2024-12-19",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability ",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"24.3.1\", \"matchCriteriaId\": \"D402E4B5-D3EA-4AD1-8954-92FB6A873906\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"24.3.1\", \"matchCriteriaId\": \"AD0D0CD2-E8CE-40B6-B8F0-2FB1A98DA3F8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto una vulnerabilidad cr\\u00edtica en los productos Privileged Remote Access (PRA) and Remote Support (RS) que puede permitir que un atacante no autenticado inyecte comandos que se ejecutan como un usuario del sitio.\"}]",
      "id": "CVE-2024-12356",
      "lastModified": "2024-12-20T15:25:37.347",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-12-17T05:15:06.413",
      "references": "[{\"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2024-12356\", \"source\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.beyondtrust.com/trust-center/security-advisories/bt24-10\", \"source\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.cve.org/CVERecord?id=CVE-2024-12356\", \"source\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-12356\",\"sourceIdentifier\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"published\":\"2024-12-17T05:15:06.413\",\"lastModified\":\"2025-10-24T13:44:00.590\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto una vulnerabilidad cr\u00edtica en los productos Privileged Remote Access (PRA) and Remote Support (RS) que puede permitir que un atacante no autenticado inyecte comandos que se ejecutan como un usuario del sitio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2024-12-19\",\"cisaActionDue\":\"2024-12-27\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability \",\"weaknesses\":[{\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"24.3.1\",\"matchCriteriaId\":\"D402E4B5-D3EA-4AD1-8954-92FB6A873906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"24.3.1\",\"matchCriteriaId\":\"AD0D0CD2-E8CE-40B6-B8F0-2FB1A98DA3F8\"}]}]}],\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2024-12356\",\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.beyondtrust.com/trust-center/security-advisories/bt24-10\",\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2024-12356\",\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Remote Support\", \"vendor\": \"BeyondTrust\", \"versions\": [{\"lessThanOrEqual\": \"24.3.1\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"Privileged Remote Access\", \"vendor\": \"BeyondTrust\", \"versions\": [{\"lessThanOrEqual\": \"24.3.1\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2024-12-17T04:28:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\"}], \"value\": \"A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-77\", \"description\": \"CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"shortName\": \"BT\", \"dateUpdated\": \"2025-01-29T19:35:07.022Z\"}, \"references\": [{\"url\": \"https://www.cve.org/CVERecord?id=CVE-2024-12356\"}, {\"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2024-12356\"}, {\"url\": \"https://www.beyondtrust.com/trust-center/security-advisories/bt24-10\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"Command Injection Vulnerability in Remote Support(RS) \u0026 Privileged Remote Access (PRA)\", \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-02-17T20:34:17.077Z\"}, \"references\": [{\"url\": \"https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis\"}], \"title\": \"CVE Program Container\", \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12356\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-19T18:04:49.357119Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-12-19\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-17T16:06:48.692Z\"}, \"timeline\": [{\"time\": \"2024-12-19T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2024-12356 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-12356\", \"assignerOrgId\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"BT\", \"dateReserved\": \"2024-12-08T18:31:21.494Z\", \"datePublished\": \"2024-12-17T04:29:07.883Z\", \"dateUpdated\": \"2025-07-30T01:25:40.058Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-69C6-CCV7-V3G3

Vulnerability from github – Published: 2024-12-17 06:30 – Updated: 2025-10-22 00:33

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-12356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-17T05:15:06Z",
    "severity": "CRITICAL"
  },
  "details": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.",
  "id": "GHSA-69c6-ccv7-v3g3",
  "modified": "2025-10-22T00:33:11Z",
  "published": "2024-12-17T06:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356"
    },
    {
      "type": "WEB",
      "url": "https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
    },
    {
      "type": "WEB",
      "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2024-0493

Vulnerability from csaf_ncscnl - Published: 2024-12-18 10:42 - Updated: 2024-12-18 10:42

Summary

Kwetsbaarheid verholpen in BeyondTrust Privileged Remote Access

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

BeyondTrust heeft een kwetsbaarheid verholpen in Privileged Remote Access en Remote Support producten.

Interpretaties

De kwetsbaarheid bevindt zich binnen de Privileged Remote Access en Remote Support producten, waardoor niet-geauthenticeerde aanvallers commando's kunnen uitvoeren als een site-gebruiker. De aanval kan leiden tot ongeautoriseerde toegang en manipulatie van systeemfuncties.

Oplossingen

BeyondTrust heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "BeyondTrust heeft een kwetsbaarheid verholpen in Privileged Remote Access en Remote Support producten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid bevindt zich binnen de Privileged Remote Access en Remote Support producten, waardoor niet-geauthenticeerde aanvallers commando\u0027s kunnen uitvoeren als een site-gebruiker. De aanval kan leiden tot ongeautoriseerde toegang en manipulatie van systeemfuncties.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "BeyondTrust heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
      }
    ],
    "title": "Kwetsbaarheid verholpen in BeyondTrust Privileged Remote Access",
    "tracking": {
      "current_release_date": "2024-12-18T10:42:27.324531Z",
      "id": "NCSC-2024-0493",
      "initial_release_date": "2024-12-18T10:42:27.324531Z",
      "revision_history": [
        {
          "date": "2024-12-18T10:42:27.324531Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "remote_support___privileged_remote_access",
            "product": {
              "name": "remote_support___privileged_remote_access",
              "product_id": "CSAFPID-1744373",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:beyondtrust:remote_support___privileged_remote_access:*:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "beyondtrust"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12356",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1744373"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-12356",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12356.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1744373"
          ]
        }
      ],
      "title": "CVE-2024-12356"
    }
  ]
}

FKIE_CVE-2024-12356

Vulnerability from fkie_nvd - Published: 2024-12-17 05:15 - Updated: 2025-10-24 13:44

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
13061848-ea10-403d-bd75-c83a022c2891	https://nvd.nist.gov/vuln/detail/CVE-2024-12356	Third Party Advisory, US Government Resource
13061848-ea10-403d-bd75-c83a022c2891	https://www.beyondtrust.com/trust-center/security-advisories/bt24-10	Vendor Advisory
13061848-ea10-403d-bd75-c83a022c2891	https://www.cve.org/CVERecord?id=CVE-2024-12356	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356	US Government Resource

Impacted products

	Vendor	Product	Version
	beyondtrust	privileged_remote_access	*
	beyondtrust	remote_support	*

JSON

To clipboard

{
  "cisaActionDue": "2024-12-27",
  "cisaExploitAdd": "2024-12-19",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability ",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D402E4B5-D3EA-4AD1-8954-92FB6A873906",
              "versionEndIncluding": "24.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0D0CD2-E8CE-40B6-B8F0-2FB1A98DA3F8",
              "versionEndIncluding": "24.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una vulnerabilidad cr\u00edtica en los productos Privileged Remote Access (PRA) and Remote Support (RS) que puede permitir que un atacante no autenticado inyecte comandos que se ejecutan como un usuario del sitio."
    }
  ],
  "id": "CVE-2024-12356",
  "lastModified": "2025-10-24T13:44:00.590",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "13061848-ea10-403d-bd75-c83a022c2891",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-17T05:15:06.413",
  "references": [
    {
      "source": "13061848-ea10-403d-bd75-c83a022c2891",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356"
    },
    {
      "source": "13061848-ea10-403d-bd75-c83a022c2891",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
    },
    {
      "source": "13061848-ea10-403d-bd75-c83a022c2891",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
    }
  ],
  "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "13061848-ea10-403d-bd75-c83a022c2891",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2024-3723

Vulnerability from csaf_certbund - Published: 2024-12-17 23:00 - Updated: 2024-12-19 23:00

Summary

BeyondTrust Privileged Remote Access und Remote Support: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

BeyondTrust Privileged Remote Access (PRA) bietet privilegierten Benutzern und externen Anbietern sicheren, überwachten Zugriff auf kritische Systeme und IT-Infrastrukturen. BeyondTrust Remote Support (RS) ermöglicht IT-Teams und Dienstleistern sicheren, interaktiven Fernzugriff zur Unterstützung von Endbenutzern

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in BeyondTrust Privileged Remote Access und BeyondTrust Remote Support ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BeyondTrust Privileged Remote Access (PRA) bietet privilegierten Benutzern und externen Anbietern sicheren, \u00fcberwachten Zugriff auf kritische Systeme und IT-Infrastrukturen.\r\nBeyondTrust Remote Support (RS) erm\u00f6glicht IT-Teams und Dienstleistern sicheren, interaktiven Fernzugriff zur Unterst\u00fctzung von Endbenutzern",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in BeyondTrust Privileged Remote Access und BeyondTrust Remote Support ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3723 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3723.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3723 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3723"
      },
      {
        "category": "external",
        "summary": "Beyontrust Security Advisory vom 2024-12-17",
        "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
      },
      {
        "category": "external",
        "summary": "CISA Known Exploited Vulnerabilities Catalog vom 2024-12-19",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      }
    ],
    "source_lang": "en-US",
    "title": "BeyondTrust Privileged Remote Access und Remote Support: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit Benutzerrechten",
    "tracking": {
      "current_release_date": "2024-12-19T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-20T09:12:24.187+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3723",
      "initial_release_date": "2024-12-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-12-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-19T23:00:00.000+00:00",
          "number": "2",
          "summary": "Schwachstelle wird ausgenutzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=24.3.1",
                "product": {
                  "name": "BeyondTrust Privileged Remote Access \u003c=24.3.1",
                  "product_id": "T039912"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.3.1",
                "product": {
                  "name": "BeyondTrust Privileged Remote Access \u003c=24.3.1",
                  "product_id": "T039912-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "Privileged Remote Access"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=24.3.1",
                "product": {
                  "name": "BeyondTrust Remote Support \u003c=24.3.1",
                  "product_id": "T039913"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.3.1",
                "product": {
                  "name": "BeyondTrust Remote Support \u003c=24.3.1",
                  "product_id": "T039913-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "Remote Support"
          }
        ],
        "category": "vendor",
        "name": "BeyondTrust"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12356",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in BeyondTrust Privileged Remote Access und BeyondTrust Remote Support. Dieser Fehler existiert wegen eines Befehlsinjektionsproblems. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebige zugrundeliegende Betriebssystembefehle im Kontext des Benutzers der Website auszuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T039913",
          "T039912"
        ]
      },
      "release_date": "2024-12-17T23:00:00.000+00:00",
      "title": "CVE-2024-12356"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-12356 (GCVE-0-2024-12356)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

GHSA-69C6-CCV7-V3G3

NCSC-2024-0493

FKIE_CVE-2024-12356

WID-SEC-W-2024-3723

Tags

Sightings

Nomenclature