Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

https://firewall.firm.in/wp-content/uploads/2024/12/cisa.jpg

Dec 20, 2024Ravie LakshmananCISA / Vulnerability

Cybersecurity and Infrastructure Security Agency

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that could be exploited by a malicious actor to run arbitrary commands as the site user.

“BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user,” CISA said.

Cybersecurity

While the issue has already been plugged into customers’ cloud instances, those using self-hosted versions of the software are recommended to update to the below versions –

  • Privileged Remote Access (versions 24.3.1 and earlier) – PRA patch BT24-10-ONPREM1 or BT24-10-ONPREM2
  • Remote Support (versions 24.3.1 and earlier) – RS patch BT24-10-ONPREM1 or BT24-10-ONPREM2

News of active exploitation comes after BeyondTrust revealed that it was the victim of a cyber attack earlier this month that allowed unknown threat actors to breach some of its Remote Support SaaS instances.

The company, which has enlisted the help of a third-party cybersecurity and forensics firm, said its investigation into the incident found that the attackers gained access to a Remote Support SaaS API key that allowed them to reset passwords for local application accounts.

Its probe has since uncovered another medium-severity vulnerability (CVE-2024-12686, 6.6) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. The newly discovered flaw has been addressed in the below versions –

  • Privileged Remote Access (PRA) – PRA patch BT24-11-ONPREM1, BT24-11-ONPREM2, BT24-11-ONPREM3, BT24-11-ONPREM4, BT24-11-ONPREM5, BT24-11-ONPREM6, and BT24-11-ONPREM7 (dependent on PRA version)
  • Remote Support (RS) – RS patch BT24-11-ONPREM1, BT24-11-ONPREM2, BT24-11-ONPREM3, BT24-11-ONPREM4, BT24-11-ONPREM5, BT24-11-ONPREM6, and BT24-11-ONPREM7 (dependent on RS version)
Cybersecurity

BeyondTrust makes no mention of either of the vulnerabilities being exploited in the wild. However, it has said that all affected customers have been notified. The exact scale of the attacks, or the identities of the threat actors behind them, is not known at present.

The Hacker News has reached out to the company for comment, and will update the piece if we hear back.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket