CVE-2024-12686

MEDIUM KEV

Beyondtrust Privileged Remote Access < 24.3.1 - OS Command Injection

Title source: rule

Description

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

References (3)

[Third Party Advisory, US Government Resource] https://nvd.nist.gov/vuln/detail/CVE-2024-12686

[Vendor Advisory] https://www.beyondtrust.com/trust-center/security-advisories/bt24-11

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686

Scores

CVSS v3 6.6

EPSS 0.3153

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-01-13

VulnCheck KEV 2024-12-18

ENISA EUVD EUVD-2024-51049

CWE

CWE-78

Status published

Products (2)

beyondtrust/privileged_remote_access < 24.3.1

beyondtrust/remote_support < 24.3.1

Published Dec 18, 2024

KEV Added Jan 13, 2025

Tracked Since Feb 18, 2026