BeyondTrust has disclosed details of a critical security flaw in its Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands.
Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users. Remote Support allows service desk personnel to securely connect to remote systems and mobile devices.
The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), has been described as an instance of command injection.
“A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user,” the company said in an advisory.
An attacker could exploit the flaw by sending a malicious client request, effectively leading to the execution of arbitrary operating system commands within the context of the site user.
The issue impacts the following versions –
- Privileged Remote Access (versions 24.3.1 and earlier) – Fixed in PRA patch BT24-10-ONPREM1 or BT24-10-ONPREM2
- Remote Support (versions 24.3.1 and earlier) – Fixed in RS patch BT24-10-ONPREM1 or BT24-10-ONPREM2
A patch for the vulnerability has already been applied to cloud instances as of December 16, 2024. Users of on-premise versions of the software are recommended to apply the latest fixes if they are not subscribed to automatic updates.
“If customers are on a version older than 22.1, they will need to upgrade in order to apply this patch,” BeyondTrust said.
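For on-premise administrators, the affected-version list and the 22.1 upgrade prerequisite above turn into a triage question per appliance: patched, patchable, or needing an upgrade first. The following is an added example, not BeyondTrust's code or tooling; it encodes only the facts stated in the advisory (24.3.1 and earlier affected, fix in patch BT24-10-ONPREM1 or BT24-10-ONPREM2, versions older than 22.1 must be upgraded first), and the host names, versions and patch states in the sample inventory are constructed.

```python
"""Exposure triage for CVE-2024-12356 across on-premise BeyondTrust PRA / RS hosts.

Added example, not BeyondTrust code. It encodes only what the advisory states:
versions 24.3.1 and earlier of both products are affected, the fix ships as
patch BT24-10-ONPREM1 or BT24-10-ONPREM2, and appliances older than 22.1 must
be upgraded before that patch can be applied. Host names and versions in the
sample inventory are constructed.
"""
from __future__ import annotations

import re

AFFECTED_PRODUCTS = {"PRA", "RS"}
LAST_AFFECTED = (24, 3, 1)          # "versions 24.3.1 and earlier"
MIN_PATCHABLE = (22, 1, 0)          # "older than 22.1 ... will need to upgrade"
FIX_PATCHES = {"BT24-10-ONPREM1", "BT24-10-ONPREM2"}

_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '24.3.1', '24.3' or 'v24.3.1-build7' into a comparable int tuple.

    Fewer than three components are zero-padded so that '22.1' == '22.1.0';
    longer strings keep their extra components (a later build still sorts later).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts


def assess(product: str, version: str, patches: frozenset[str] = frozenset()) -> str:
    """Classify one host. Returns one of:
    not-in-scope, patched, not-listed-as-affected, upgrade-required-before-patch, apply-patch.
    """
    if product not in AFFECTED_PRODUCTS:
        return "not-in-scope"
    if patches & FIX_PATCHES:
        return "patched"                      # either ONPREM patch closes the flaw
    v = parse_version(version)
    if v > LAST_AFFECTED:
        return "not-listed-as-affected"       # advisory lists 24.3.1 and earlier only
    if v < MIN_PATCHABLE:
        return "upgrade-required-before-patch"
    return "apply-patch"


def triage(inventory: list[dict]) -> dict[str, str]:
    """Map each host name in a simple inventory to its assess() status."""
    return {
        h["host"]: assess(h["product"], h["version"], frozenset(h.get("patches", ())))
        for h in inventory
    }


# Constructed sample inventory (hosts, versions and patch state are made up).
SAMPLE_INVENTORY = [
    {"host": "pra-dc1", "product": "PRA", "version": "24.3.1"},
    {"host": "pra-dc2", "product": "PRA", "version": "24.3.1", "patches": ["BT24-10-ONPREM2"]},
    {"host": "rs-hq", "product": "RS", "version": "21.2.4"},
    {"host": "rs-lab", "product": "RS", "version": "v22.1"},
    {"host": "rs-new", "product": "RS", "version": "24.3.2"},
    {"host": "jump-01", "product": "OTHER", "version": "1.0"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

The boundary cases are the ones worth checking: a host reporting exactly 22.1 is patchable (the advisory says "older than 22.1"), a host reporting 24.3.1 is still affected, and a recorded ONPREM patch overrides the version check.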
The company said the shortcoming was discovered during an ongoing forensics investigation that was initiated following a “security incident” on December 2, 2024, involving a “limited number of Remote Support SaaS customers.”
“A root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised,” BeyondTrust said, adding it “immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers.”
BeyondTrust also said it is still working to determine the cause and impact of the compromise in partnership with an unnamed “cybersecurity and forensics firm.”