Security News > 2024 > December > CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

2024-12-20 04:30
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that
News URL
https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html
Related news
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 (source)
- CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List (source)
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
- CISA Identifies Five New Vulnerabilities Currently Being Exploited (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-17 | CVE-2024-12356 | Command Injection vulnerability in Beyondtrust Remote Support A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | 9.8 |