CVE-2024-12686

MEDIUM6.6Injection

CISA KEV

Description

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

BeyondTrust / Remote Support(RS) & Privileged Remote Access(PRA)0 – 24.3.1

References

CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2024-12686
VENDOR_ADVISORYhttps://www.beyondtrust.com/trust-center/security-advisories/bt24-11

Updated 3m ago · 2 sources