BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands.
Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users. Remote Support allows service desk personnel to securely connect to remote systems and mobile devices.
The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), has been described as an instance of command injection.
“A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user,” the company said in an advisory.
An attacker could exploit the flaw by sending a malicious client request, effectively leading to the execution of arbitrary operating system commands within the context of the site user.
The issue affects the following versions –
- Privileged Remote Access (versions 24.3.1 and earlier) – Fixed in PRA patch BT24-10-ONPREM1 or BT24-10-ONPREM2
- Remote Support (versions 24.3.1 and earlier) – Fixed in RS patch BT24-10-ONPREM1 or BT24-10-ONPREM2
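The following is an added triage helper, not BeyondTrust code, that classifies on-premises PRA and RS versions from an asset inventory against the advisory as summarised here: releases up to and including 24.3.1 need the named patch, and releases older than 22.1 must be upgraded before the patch can be applied. The inventory rows, the product labels "PRA"/"RS", the inclusive reading of "24.3.1 and earlier", and the assumption that the 22.1 rule applies to both products are all constructed for the example; the script reports what the advisory calls for and cannot tell whether a patch is already installed.

```python
from __future__ import annotations
from typing import Iterable

# Constructed example: map a deployed PRA/RS version to the action the
# CVE-2024-12356 advisory calls for. Values below come from the advisory
# text; the product labels and the inclusive range reading are assumptions.
AFFECTED_MAX = (24, 3, 1)        # "versions 24.3.1 and earlier" are affected
MIN_PATCHABLE = (22, 1)          # older than 22.1 must upgrade before patching
PATCHES = ("BT24-10-ONPREM1", "BT24-10-ONPREM2")
PRODUCTS = {"PRA", "RS"}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '24.3.1' into (24, 3, 1); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def _cmp(a: tuple[int, ...], b: tuple[int, ...]) -> int:
    """Compare two version tuples, padding with zeros so 22.1 == 22.1.0."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def assess(product: str, version: str) -> str:
    """Return 'outside-affected-range', 'apply-patch' or 'upgrade-then-patch'."""
    if product not in PRODUCTS:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    if _cmp(v, AFFECTED_MAX) > 0:
        # Newer than the last release the advisory lists as affected.
        return "outside-affected-range"
    if _cmp(v, MIN_PATCHABLE) < 0:
        # Too old to take the patch directly; upgrade to 22.1+ first.
        return "upgrade-then-patch"
    return "apply-patch"


def triage(inventory: Iterable[tuple[str, str, str]]) -> dict[str, str]:
    """inventory rows are (hostname, product, version); returns host -> action."""
    return {host: assess(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("pra-01.example.test", "PRA", "24.3.1"),
        ("rs-legacy.example.test", "RS", "21.2"),
        ("rs-02.example.test", "RS", "23.0.1"),
    ]
    for host, action in triage(sample).items():
        note = f" ({' or '.join(PATCHES)})" if action != "outside-affected-range" else ""
        print(f"{host}: {action}{note}")
```

Run it as a script to print the action per host, or import `triage` into a larger inventory job; anything reported as `upgrade-then-patch` should be queued for the version upgrade before the patch is scheduled.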
A patch for the vulnerability has already been applied to cloud instances as of December 16, 2024. Users of on-premises versions of the software are recommended to apply the latest fixes if they are not subscribed to automatic updates.
“If customers are on a version older than 22.1, they will need to upgrade in order to apply this patch,” BeyondTrust said.
The company said the shortcoming was discovered during an ongoing forensics investigation that was initiated following a “security incident” on December 2, 2024, involving a “limited number of Remote Support SaaS customers.”
“A root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised,” BeyondTrust said, adding it “immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers.”
BeyondTrust also said it is still working to determine the cause and impact of the compromise in partnership with an unnamed “cybersecurity and forensics firm.”