BeyondTrust Critical PRA and RS Vulnerability: Patches Urged


A critical vulnerability in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products has raised alarm in the cybersecurity world. This severe flaw, tracked as CVE-2024-12356 with a CVSS score of 9.8, poses significant risks to organizations using these products.

If left unpatched, attackers could exploit this command injection vulnerability to execute arbitrary commands. BeyondTrust has issued an urgent advisory to all users to apply the necessary updates and secure their systems immediately.

This advisory comes amid an ongoing investigation into a related security incident that underscores the importance of proactive action to mitigate such risks.

Key Takeaway on the BeyondTrust Critical PRA and RS Vulnerability

  • BeyondTrust Critical PRA and RS Vulnerability: Organizations must update PRA and RS products to patch CVE-2024-12356, a critical flaw allowing remote code execution.

BeyondTrust Identifies Critical Security Flaw

BeyondTrust recently disclosed a critical vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products. Known as CVE-2024-12356, this command injection flaw enables unauthenticated attackers to execute commands as a site user.

The vulnerability stems from an exploit in the file upload mechanism, leading to severe consequences for unpatched systems.

Affected versions include PRA and RS products version 24.3.1 and earlier. BeyondTrust has addressed the issue with patches BT24-10-ONPREM1 and BT24-10-ONPREM2, now available for immediate deployment.

Impact and Technical Details

The CVE-2024-12356 vulnerability allows:

| Impact | Description |
| --- | --- |
| Command Injection | Attackers can execute arbitrary commands on the host system. |
| Remote Code Execution | Exploits lead to unauthorized system control and data exposure. |

The flaw was identified during BeyondTrust’s forensic investigation into a December 2024 security incident. A compromised API key for Remote Support SaaS was linked to unauthorized password resets of local accounts, emphasizing the urgency of this patch.

Recommended Actions

BeyondTrust strongly recommends the following:

| Action | Details |
| --- | --- |
| Update to Latest Versions | Install patches BT24-10-ONPREM1 or BT24-10-ONPREM2 to secure against CVE-2024-12356. |
| Migrate Older Versions | Systems running versions older than 22.1 must upgrade to apply the latest fixes. |
| Enable Security Features | Utilize IP whitelisting, network restrictions, and enhanced API security protocols. |

Cloud users have already received automatic updates as of December 16, 2024, while on-premise customers must manually implement the patches.

Timeline of the Incident

The flaw was uncovered following a December 2024 security breach impacting Remote Support SaaS customers. Key events include:

| Date | Event |
| --- | --- |
| Dec 2, 2024 | Anomalous behavior detected in a customer’s Remote Support SaaS instance. |
| Dec 5, 2024 | Compromised API key identified, leading to immediate suspension of affected SaaS instances. |
| Dec 16, 2024 | All cloud instances patched; patches released for on-premise users. |

Indicators of Compromise (IoC)

BeyondTrust has provided the following IP addresses linked to suspicious activity:

| IPv4 Addresses | IPv6 Addresses |
| --- | --- |
| 24.144.114.85 | 2604:a880:400:d1::7293:c001 |
| 142.93.119.175 | 2604:a880:400:d1::72ad:3001 |
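
One way to sweep existing logs for the addresses listed above, as an added example that is not BeyondTrust's tooling or part of the original article. It compares parsed addresses rather than substrings, so expanded or upper-case IPv6, IPv4-mapped IPv6 and host:port forms all match, while look-alikes such as 124.144.114.85 do not. The log lines, their format and the function names are constructed for illustration.

```python
import ipaddress
import re

# IoC addresses as listed in the article above.
IOC_SET = {ipaddress.ip_address(a) for a in (
    "24.144.114.85",
    "142.93.119.175",
    "2604:a880:400:d1::7293:c001",
    "2604:a880:400:d1::72ad:3001",
)}

# Loose candidate pattern; the ipaddress module does the real validation.
CANDIDATE = re.compile(r"[0-9A-Fa-f:.]{3,}")

def normalize(token):
    """Return a canonical address object for a log token, or None."""
    token = token.rstrip(".")                 # trailing sentence/field dot
    host, sep, port = token.partition(":")
    candidates = [token]
    if sep and "." in host and ":" not in port:
        candidates.append(host)               # IPv4 "host:port" form
    for cand in candidates:
        try:
            addr = ipaddress.ip_address(cand)
        except ValueError:
            continue
        # Treat ::ffff:a.b.c.d as the IPv4 address it wraps.
        return getattr(addr, "ipv4_mapped", None) or addr
    return None

def scan(lines):
    """Return (line_number, ioc) for every IoC address seen in the log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for token in CANDIDATE.findall(line):
            addr = normalize(token)
            if addr in IOC_SET:
                hits.append((number, str(addr)))
    return hits

# Constructed sample log lines (hypothetical firewall format).
SAMPLE_LOG = [
    "2024-12-03T10:15:02Z accept src=24.144.114.85:51234 dst=10.0.0.5:443",
    "2024-12-03T10:15:09Z accept src=203.0.113.7:40000 dst=10.0.0.5:443",
    "2024-12-03T10:16:40Z accept src=[2604:A880:0400:00D1:0000:0000:72AD:3001]:39822 dst=[2001:db8::5]:443",
    "2024-12-03T10:17:11Z accept src=::ffff:142.93.119.175 dst=10.0.0.5",
    "2024-12-03T10:18:00Z accept src=124.144.114.85 dst=10.0.0.5",
]

if __name__ == "__main__":
    for number, ioc in scan(SAMPLE_LOG):
        print(f"line {number}: contact with IoC address {ioc}")
```
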

BeyondTrust’s Commitment to Security

The company remains dedicated to transparency and customer protection. BeyondTrust has engaged a third-party cybersecurity firm to assist in the forensic investigation and continues to share updates via its secure customer portal.

About BeyondTrust

BeyondTrust is a global leader in privileged access management, offering secure solutions for IT teams and organizations to manage credentials, audit accounts, and ensure zero-trust access to resources.

Rounding Up

The BeyondTrust critical PRA and RS vulnerability serves as a stark reminder of the evolving cybersecurity landscape. Organizations must act swiftly to apply the recommended patches and enhance their security measures.

By staying vigilant and proactive, businesses can mitigate the risks associated with such vulnerabilities.


FAQs

What is CVE-2024-12356?

  • CVE-2024-12356 is a critical command injection vulnerability affecting BeyondTrust’s PRA and RS products, allowing attackers to execute arbitrary commands.

Who is affected by this vulnerability?

  • Organizations using PRA and RS versions 24.3.1 and earlier are impacted.

How can I protect my systems?

  • Apply the latest patches (BT24-10-ONPREM1 or BT24-10-ONPREM2) and enable security features like IP whitelisting.

Are cloud instances automatically updated?

  • Yes, cloud users received automatic updates on December 16, 2024.

Where can I find more information?
