Security News > 2024 > December > BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)

BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installations to test the patch and implement it quickly. About CVE-2024-12356 BeyondTrust Privileged Remote Access is an enterprise solution that mediates secure remote access to enterprise environments for employees and trusted vendors. BeyondTrust Remote Support allows organizations’ IT helpdesk personnel to securely connect … More → The post BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) appeared first on Help Net Security.
News URL
Related news
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-17 | CVE-2024-12356 | Command Injection vulnerability in Beyondtrust Remote Support A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | 9.8 |