CVE-2024-12356
CRITICAL
9,8
Source: 13061848-ea10-403d-bd75-c83a022c2891
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9369
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
AI/ML
Application
Remote Support by Beyondtrust
Version Range Affected
To
24.3.1
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Privileged Remote Access by Beyondtrust
Version Range Affected
To
24.3.1
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://nvd.nist.gov/vuln/detail/CVE-2024-12356
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
https://www.cve.org/CVERecord?id=CVE-2024-12356
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024…
https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis