Published on 31 Dec 2024
BeyondTrust has released security updates addressing vulnerabilities (CVE-2024-12356 and CVE-2024-12686) in their Remote Support (RS) and Privileged Remote Access (PRA) products. CVE-2024-12356 has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. Both vulnerabilities have reportedly been exploited in the wild.
The vulnerabilities are:
BeyondTrust has applied the security updates to all cloud-hosted instances. However, self-hosted instances running affected product versions remain vulnerable, and their users and administrators are advised to update to the latest version immediately.
More information is available here:
https://www.beyondtrust.com/remote-support-saas-service-security-investigation
https://nvd.nist.gov/vuln/detail/CVE-2024-12356
https://nvd.nist.gov/vuln/detail/CVE-2024-12686
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
https://www.beyondtrust.com/trust-center/security-advisories/bt24-11