Security News > 2025 > January > CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
2025-01-14 03:21
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could
News URL
https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html
Related news
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-18 | CVE-2024-12686 | OS Command Injection vulnerability in Beyondtrust Remote Support A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. | 7.2 |