CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
2025-01-14 03:21

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could


News URL

https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2024-12-18 | CVE-2024-12686 | OS Command Injection vulnerability in Beyondtrust Remote Support | 7.2

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
network, low complexity, beyondtrust, CWE-78

Related vendor

VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Beyondtrust | | 9 | 0 | 3 | 13 | 3 | 19