CVERadar

CVE-2024-12686

High Severity
Vendor: Beyondtrust
SVRS: 64/100
CVSSv3: 6.6/10
EPSS: 0.04554/1

CVE-2024-12686 is a command injection vulnerability in Privileged Remote Access (PRA) and Remote Support (RS) that could allow attackers to execute commands with site user privileges, if they already possess administrative access. The SVRS score of 64 indicates a significant level of risk and potential for exploitation, though below the critical threshold of 80. This vulnerability allows an attacker with administrative privileges to inject commands, leading to unauthorized actions performed under the context of the site user. While the CVSS score is 6.6, the "In The Wild" and "Exploit Available" tags, along with its inclusion in the CISA KEV catalog, emphasize the immediate threat. Organizations using affected PRA and RS systems should apply patches immediately. The presence of active exploits means the vulnerability is being actively targeted, heightening the urgency to mitigate potential damage. Successful exploitation can lead to data breaches, system compromise, and further unauthorized access.

In The Wild, CISA KEV, Exploit Available
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
2024-12-18

2025-01-13
SOCRadar
AI Insight

Description

CVE-2024-12686 is a vulnerability in Privileged Remote Access (PRA) and Remote Support (RS) systems that allows an attacker with existing administrative privileges to execute arbitrary commands as a site user. This vulnerability falls under the CWE-78 category, which describes 'OS Command Injection.' While the CVSS score is 6.6, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a moderate risk level. However, the 'In The Wild' tag indicates that this vulnerability is being actively exploited by hackers, making it a critical concern for organizations.

Key Insights

  • Elevated Privilege Exploitation: The vulnerability allows an attacker with administrative privileges to gain control of user accounts and execute malicious commands. This represents a serious escalation of privileges, enabling attackers to gain access to sensitive data or compromise the entire system.
  • Potential for Data Exfiltration: Successful exploitation of CVE-2024-12686 could result in unauthorized access to sensitive data stored on the target system. This could include confidential customer information, proprietary business data, or critical infrastructure details.
  • Active Exploitation: The 'In The Wild' tag signifies that attackers are currently using this vulnerability in their campaigns, highlighting the urgent need for mitigation measures.
  • Remote Exploitation: As the vulnerability affects PRA and RS systems, it can be exploited remotely, making it a significant threat to organizations with remote access capabilities.

Mitigation Strategies

  • Patching: Immediately apply any available patches or updates from the vendor addressing CVE-2024-12686.
  • Access Control: Implement robust access control measures to restrict administrative privileges and limit the number of users with elevated permissions.
  • Input Validation: Utilize input validation techniques to prevent malicious code from being injected into the system through PRA and RS interfaces.
  • Network Segmentation: Segment the network to isolate vulnerable systems and prevent attackers from spreading laterally once they gain initial access.

Additional Information

For further insights into this vulnerability or to discuss specific actions related to your organization, please utilize the 'Ask to Analyst' feature within SOCRadar, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability | https://www.cisa.gov/search?g=CVE-2024-12686 | 2025-01-13

News

6th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 6th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Check Point elaborated on the US Treasury Department cyber-attack that compromised employee workstations and classified documents. The breach, attributed to a China state-sponsored threat actor, involved unauthorized remote access using a security […] The post 6th January – Threat Intelligence Report appeared first on Check Point
cve-2024-12686
cve-2024-12356
cve-2024-49113
cve-2024-12108
The US Treasury Attack: Key Events and Security Implications
CyberArk Labs, 2025-03-01
There’s a dark joke in cybersecurity: each year ends with an unwelcome holiday surprise—a major security incident. This timing isn’t random. Threat actors target this timing, knowing security teams operate with skeleton crews that impact...
cyberark.com
CVE-2024-12686 | BeyondTrust Remote Support & Privileged Remote Access up to 24.3.1 os command injection (Nessus ID 213464)
vuldb.com, 2025-02-16
A vulnerability has been found in BeyondTrust Remote Support & Privileged Remote Access up to 24.3.1 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2024-12686. The attack can be launched remotely. Furthermore, there is an
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks
Pierluigi Paganini, 2025-02-14
Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7. Rapid7 researchers discovered a high-severity SQL injection flaw, tracked as CVE-2025-1094, in PostgreSQL’s psql tool. The experts discovered the flaw while investigating the exploitation of the vulnerability CVE-2024-12356 for remote code execution. BeyondTrust patched CVE-2024-12356 in December […]
securityaffairs.co
Cybersecurity Weekly Brief: Latest on Attacks, Vulnerabilities, & Data Breaches
Guru Baran, 2025-02-09
Welcome to this week’s Cybersecurity Newsletter, which provides the latest updates and key insights from the ever-evolving field of cybersecurity. In the current fast-paced digital landscape, it is essential to remain informed. Our objective is to deliver the most pertinent information that will assist you in effectively navigating these challenges. This edition focuses on emerging […] The post Cybersecurity Weekly Brief: Latest on Attacks, Vulnerabilities, & Data Breaches appeared first
cybersecuritynews.com
BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key
Ajit Jasrotia, 2025-02-01
BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company’s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local […] The post BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key
allhackernews.com
Weekly Cybersecurity Digest: Latest in Cyber Attacks, Vulnerabilities, and Data Breaches - CybersecurityNews
2025-01-19
News Content: Welcome to this week’s Cyber Security Newsletter, where we delve into the latest developments and key updates in the realm of cybersecurity. Your involvement in this swiftly changing digital environment is vital, and we aim to deliver the most pertinent insights and information to you. This issue highlights emerging threats and the current state of defenses in our transforming digital landscape. We will explore critical topics such as advanced ransomware assaults and the influence of state-sponsored cyber activities on international security. Our examination will
google.com

Social Media

The attackers leveraged two Zero-Day vulnerabilities (CVE-2024-12356 and CVE-2024-12686) along with a stolen API key to infiltrate BeyondTrust’s systems and 17 remote support services. https://t.co/nHMcQ3dt5g
BeyondTrust revealed that attackers breached its systems and 17 Remote Support SaaS instances in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. https://t.co/DEz5kN12Ff
BeyondTrust revealed that, due to a PostgreSQL security flaw, its systems and 17 Remote Support SaaS instances were hacked in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. 🧉 https://t.co/ggO4tCAQfc
Actively exploited CVE : CVE-2024-12686
CVE-2024-12686 - BeyondTrust vulnerability exploited in the wild https://t.co/bq0tRbz0aI https://t.co/Z7Dh2yNXe9
🤔 Did you know? The CVE-2024-12686 vulnerability in BeyondTrust can allow attackers with admin access to execute commands remotely! Organizations must prioritize patching this flaw to prevent potential data breaches. Keep your systems secure! #VulnerabilityManagement
🚨 CISA has issued a directive to U.S. agencies to patch the critical CVE-2024-12686 vulnerability in BeyondTrust tools. This command injection flaw poses severe risks, including unauthorized remote code execution. Act now! #CyberSecurity #CVE2024
BeyondTrust is an American company that develops, markets, and supports a family of privileged identity management / access management (PIM/PAM), privileged remote access, and vulnerability management products. That last bit. Vuln management. Ok so CVE-2024-12686
CVE-2024-12686 - BeyondTrust vulnerability exploited in the wild https://t.co/RP5II1pS0n https://t.co/eN47cDWsdr
Critical BeyondTrust PRA/RS vulnerability (CVE-2024-12686) under active exploitation allows admin-level OS command injection. DCS customers protected via custom sandbox & hardening rules. Stay vigilant! #BeyondTrustSec #InfoSec #CyberSecurity https://t.co/ZMK9PpFpww https://t.co/3L5YO60Ikb

Affected Software

Configuration 1
Type | Vendor | Product
App | Beyondtrust | remote_support
App | Beyondtrust | privileged_remote_access

References

Reference | Link
13061848-EA10-403D-BD75-C83A022C2891 | https://nvd.nist.gov/vuln/detail/CVE-2024-12686
13061848-EA10-403D-BD75-C83A022C2891 | https://www.beyondtrust.com/trust-center/security-advisories/bt24-11

CWE Details

CWE ID | CWE Name | Description
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
