Advisory

BeyondTrust patches critical vulnerability in Privileged Remote Access (PRA) and Remote Support (RS)

Take action: If you are running on-prem versions of BeyondTrust Privileged Remote Access (PRA) or Remote Support (RS) products, patch them ASAP. Both platforms are exposed to the internet by design, and attackers have already found a way to target them. Don't delay.


Learn More

BeyondTrust is reporting a critical security vulnerability affecting its Privileged Remote Access (PRA) and Remote Support (RS) products. Privileged Remote Access provides zero trust access control and management for privileged accounts and credentials across on-premises and cloud resources, while Remote Support enables secure remote connections to systems and mobile devices for service desk personnel.

The flaw is tracked as CVE-2024-12356 (CVSS score 9.8): a command injection vulnerability that could allow unauthenticated attackers to execute arbitrary operating system commands in the context of the site user. The vulnerability was discovered during a forensics investigation following a security incident on December 2, 2024, which affected a limited number of Remote Support SaaS customers.

The vulnerability affects all versions up to and including 24.3.1 of both products.

BeyondTrust has already addressed the vulnerability in cloud instances as of December 16, 2024. For on-premises installations, patches have been released: BT24-10-ONPREM1 or BT24-10-ONPREM2 for both the PRA and RS products.

Customers using versions older than 22.1 must first upgrade their installation before applying these security patches. The company continues to investigate the root cause and impact of the initial compromise with assistance from an external cybersecurity and forensics firm.
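The remediation path above has two thresholds (affected through 24.3.1; patchable only from 22.1 upward), which is easy to get wrong when triaging a fleet by hand. The following script is an added example, not BeyondTrust's own tooling: it takes a constructed inventory of on-prem appliances as `hostname,product,version` lines, parses the dotted version strings, and reports which of the advisory's actions applies to each host. Hostnames, products and versions in the sample are constructed; the thresholds and patch identifiers are the ones stated in the advisory.

```python
"""Patch triage for the BeyondTrust PRA/RS advisory on CVE-2024-12356.

Added example, not BeyondTrust's own tooling. It assumes an inventory of
on-prem appliances as 'hostname,product,version' lines (constructed here)
and applies the thresholds the advisory states: every release up to and
including 24.3.1 is affected, and installations older than 22.1 must be
upgraded before BT24-10-ONPREM1 / BT24-10-ONPREM2 can be applied.
"""
from __future__ import annotations

AFFECTED_THROUGH = (24, 3, 1)   # last affected release named in the advisory
MIN_PATCHABLE = (22, 1)         # hotfixes require at least this release

# The three outcomes the advisory describes for an on-prem install
UPGRADE_THEN_PATCH = "upgrade to 22.1 or later, then apply BT24-10-ONPREM1/2"
APPLY_PATCH = "apply BT24-10-ONPREM1 or BT24-10-ONPREM2"
OUTSIDE_STATED_RANGE = "newer than 24.3.1: outside the advisory's affected range"


def parse_version(text: str) -> tuple[int, ...]:
    """Parse '24.3.1' or '23.1' into a tuple of ints.

    Rejects anything that is not dotted integers so a typo in the inventory
    fails loudly instead of being silently triaged.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def compare(v: tuple[int, ...], ref: tuple[int, ...]) -> int:
    """Return -1, 0 or 1; pads with zeros so 22.1 and 22.1.0 compare equal."""
    n = max(len(v), len(ref))
    a = v + (0,) * (n - len(v))
    b = ref + (0,) * (n - len(ref))
    return (a > b) - (a < b)


def triage(version: str) -> str:
    """Map one appliance version to the action the advisory prescribes."""
    v = parse_version(version)
    if compare(v, AFFECTED_THROUGH) > 0:
        return OUTSIDE_STATED_RANGE
    if compare(v, MIN_PATCHABLE) < 0:
        return UPGRADE_THEN_PATCH
    return APPLY_PATCH


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = """\
# hostname,product,version
pra-dc1.example.internal,PRA,24.3.1
rs-helpdesk.example.internal,RS,21.2.3
pra-lab.example.internal,PRA,23.1
"""


def triage_inventory(text: str) -> dict[str, str]:
    """Triage every non-comment line of an inventory; returns host -> action."""
    results: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = (f.strip() for f in line.split(","))
        results[host] = f"{product}: {triage(version)}"
    return results


if __name__ == "__main__":
    for host, action in triage_inventory(INVENTORY).items():
        print(f"{host:32} {action}")
```

The version string alone does not reveal whether a BT24-10 hotfix has already been applied to an appliance, so the output is the action an unpatched install needs, not proof of patch status; confirm hotfix installation in the appliance's own update history.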
