Critical Security Flaw Found in BeyondTrust PRA and RS Products

BeyondTrust has disclosed a serious security vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products. The flaw, tracked as CVE-2024-12356 and rated 9.8 on the CVSS scale, is a command injection that could allow an attacker to execute arbitrary commands on the affected system, which makes prompt remediation essential.

Privileged Remote Access (PRA) is designed to control, manage, and audit privileged accounts and credentials, providing zero trust access to on-premises and cloud resources for internal, external, and third-party users. Remote Support (RS) lets service desk staff securely connect to and manage remote systems and mobile devices. Both products sit at a privileged point in an organization's infrastructure, which is why a flaw in them carries such weight.

The vulnerability affects versions 24.3.1 and earlier of both PRA and RS. BeyondTrust has released patches to address it: BT24-10-ONPREM1 and BT24-10-ONPREM2 for PRA, with RS receiving the same patches. Cloud instances were patched by December 16, 2024. On-premises customers who have not enabled automatic updates must apply the patches manually, and BeyondTrust notes that installations older than version 22.1 must first be upgraded before the fix can be applied.
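For an on-premises fleet, the remediation guidance above reduces to three outcomes per appliance, depending on where its version falls relative to 22.1 and 24.3.1. The following triage script is an added example, not BeyondTrust's code; hostnames and versions in the sample inventory are constructed, and the "outside-affected-range" outcome is an assumption about versions newer than those the advisory names.

```python
# Added example (not BeyondTrust's code): version triage for the remediation
# guidance above. Thresholds come from the advisory text: 24.3.1 and earlier
# are affected by CVE-2024-12356; versions older than 22.1 must be upgraded
# before the BT24-10-ONPREM1/ONPREM2 patches can be applied.

AFFECTED_MAX = (24, 3, 1)   # 24.3.1 and earlier are affected
PATCH_MIN = (22, 1)         # older than 22.1 must upgrade first


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '24.3.1' into (24, 3, 1); reject anything but dotted integers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: tuple[int, ...], n: int) -> tuple[int, ...]:
    # Compare '22.1' and '22.1.0' as equal by padding with zeros.
    return v + (0,) * (n - len(v))


def triage(version: str) -> str:
    """Return the remediation step for one on-premises PRA/RS version.

    Outcomes: 'upgrade-then-patch', 'apply-patch', 'outside-affected-range'.
    """
    v = parse_version(version)
    width = max(len(v), len(AFFECTED_MAX), len(PATCH_MIN))
    v, hi, lo = _pad(v, width), _pad(AFFECTED_MAX, width), _pad(PATCH_MIN, width)
    if v > hi:
        # Newer than the advisory's affected range; confirm patch status in
        # the appliance console rather than assuming (assumption, not page text).
        return "outside-affected-range"
    if v < lo:
        return "upgrade-then-patch"
    return "apply-patch"


def triage_inventory(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> action for an inventory of appliance versions."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"pra-01": "24.3.1", "rs-legacy": "21.2", "rs-02": "22.1", "pra-new": "24.3.2"}
    for host, action in triage_inventory(sample).items():
        print(f"{host}: {action}")
```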

The vulnerability was discovered during a forensic investigation into a “security incident” on December 2, 2024, which affected a limited number of Remote Support SaaS customers. Analysis found that a Remote Support SaaS API key had been compromised. On the same day, BeyondTrust revoked the API key, notified the affected customers, and suspended the compromised instances; it also provided those customers with alternative Remote Support SaaS instances to maintain continuity of service.

BeyondTrust is continuing to work with a cybersecurity and forensics firm to determine the root cause and full impact of the compromise, with the aim of a complete understanding of the incident and a remediation plan that addresses it fully. Users can follow BeyondTrust on Twitter and LinkedIn for further updates on these developments and on broader cybersecurity topics.

In summary, BeyondTrust has identified and responded to a critical command injection flaw in its PRA and RS products and has released the patches needed to fix it. The company acted quickly after the December 2 security incident and is working with outside experts to investigate and mitigate the full scope of the compromise.
