Article Details
Scrape Timestamp (UTC): 2024-12-20 04:35:28.156
Source: https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html
Original Article Text
Click to Toggle View
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that could be exploited by a malicious actor to run arbitrary commands as the site user. "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user," CISA said. While the issue has already been plugged into customers' cloud instances, those using self-hosted versions of the software are recommended to update to the below versions - News of active exploitation comes after BeyondTrust revealed that it was the victim of a cyber attack earlier this month that allowed unknown threat actors to breach some of its Remote Support SaaS instances. The company, which has enlisted the help of a third-party cybersecurity and forensics firm, said its investigation into the incident found that the attackers gained access to a Remote Support SaaS API key that allowed them to reset passwords for local application accounts. Its probe has since uncovered another medium-severity vulnerability (CVE-2024-12686, 6.6) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. The newly discovered flaw has been addressed in the below versions - BeyondTrust makes no mention of either of the vulnerabilities being exploited in the wild. However, it has said that all affected customers have been notified. The exact scale of the attacks, or the identities of the threat actors behind them, is not known at present. The Hacker News has reached out to the company for comment, and will update the piece if we hear back.
Daily Brief Summary
CISA has added a severe security vulnerability in BeyondTrust software to its Known Exploited Vulnerabilities catalog.
The flaw, identified as CVE-2024-12356 with a CVSS score of 9.8, allows command injection by unauthenticated users.
BeyondTrust has already patched the flaw for its cloud-based solutions, but self-hosted users need to manually update their systems.
A separate cyber attack on BeyondTrust earlier this month led to the compromise of some Remote Support SaaS instances.
Attackers in this incident used a stolen API key to reset account passwords on the local application.
Another vulnerability, CVE-2024-12686, was uncovered during investigations, also allowing command injection, but with lesser severity.
BeyondTrust has communicated with all affected customers and has fixed the newly discovered issues in the latest software versions.
The extent of the damage and the identities of the attackers are still not fully known.