CVE-2024-12686: 
BeyondTrust Privileged Remote Access Client vulnerability analysis and mitigation

A vulnerability has been discovered in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products (CVE-2024-12686) which allows attackers with existing administrative privileges to inject commands and run them as a site user. The vulnerability was disclosed on December 18, 2024, and affects versions up to and including 24.3.1 of both PRA and RS products (NVD).

The vulnerability is classified as a command injection flaw (CWE-78) with a CVSS v3.1 base score of 7.2 (HIGH) according to NVD, while BeyondTrust assessed it with a score of 6.6 (MEDIUM). The vulnerability requires high privileges but has low attack complexity and no user interaction requirements for exploitation (NVD).

Successful exploitation of this vulnerability allows attackers with administrative privileges to execute arbitrary commands as a site user, potentially compromising the security of the affected systems. The vulnerability affects both cloud-hosted and self-hosted instances of BeyondTrust's PRA and RS solutions (SOCRadar).

BeyondTrust has released patches to address this vulnerability in both cloud and self-hosted instances. Organizations running self-hosted instances must manually apply the updates to mitigate the risks. The patches were released between December 16-18, 2024 (SOCRadar).