PT-2024-10301 · Beyondtrust · Beyondtrust Privileged Remote Access+1

Published: 2024-12-18 · Updated: 2026-02-09 · CVE-2024-12686

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) (affected versions not specified)

Description

A command injection vulnerability has been discovered in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products. It allows an attacker with existing administrative privileges to inject commands and execute them as a site user. The vulnerability is being actively exploited by attackers, and it is recommended to secure systems with the latest patches. The issue stems from a failure to neutralize special elements used in an operating system command, which can allow an attacker to elevate their privileges and execute arbitrary commands.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

RCE

OS Command Injection


Weakness Enumeration

Related Identifiers

BDU:2025-00730
CVE-2024-12686

Affected Products

Beyondtrust Privileged Remote Access
Beyondtrust Remote Support