CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild


 The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products.

This newly uncovered flaw tracked as CVE-2024-12356, could allow attackers to execute malicious commands, posing a severe risk to global enterprises relying on these tools for secure remote access and IT support.

CVE-2024-12356: Command Injection Vulnerability

The vulnerability under CVE-2024-12356 is a command injection flaw, enabling unauthenticated attackers to inject arbitrary commands that are executed with the permissions of a site user.

– Advertisement –
SIEM as a Service

This type of vulnerability, categorized under CWE-77 (Improper Neutralization of Special Elements used in Commands), stems from poor input validation, leaving systems susceptible to unauthorized access and potentially catastrophic attacks.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

The precise impact of CVE-2024-12356 is alarming. Attackers exploiting this vulnerability could gain unauthorized control over systems, escalate privileges, and compromise sensitive data.

Although it has not yet been confirmed whether this vulnerability is actively being used in ransomware campaigns, its exploitability and potential for harm highlight the urgency of addressing it.

CISA has urged all organizations using BeyondTrust’s PRA and RS products to act swiftly. The recommended course of action is to apply mitigations or patches as provided by BeyondTrust.

If no mitigation options are available, discontinuing the use of the affected products is strongly advised to avoid potential exploitation.

The deadline for implementing these measures has been set for December 27, 2024, reflecting the critical nature of this vulnerability. As of now, BeyondTrust has not released detailed remediation instructions, but it is expected to provide updates soon.

With privileged access tools being a frequent target of cyberattacks, this vulnerability underscores a pressing need for proactive measures to secure essential systems.

Organizations must stay alert to updates from both BeyondTrust and CISA to prevent potential exploitation. This discovery once again highlights the importance of routine security audits and rapid vulnerability management to counter evolving cyber threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free



Source link