Security News > 2025 > January > CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
2025-01-14 03:21
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could
News URL
https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html
Related news
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-18 | CVE-2024-12686 | OS Command Injection vulnerability in Beyondtrust Remote Support A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. | 7.2 |