On December 16, 2024, BeyondTrust published a security advisory outlining a vulnerability impacting their Remote Support (RS) and Privileged Remote Access (PRA) software. The flaw, CVE-2024-12356, is a critical severity command injection vulnerability. If successfully exploited, it can allow an unauthenticated remote threat actor to execute underlying operating system commands within the context of the site user. BeyondTrust has released a patch to fix the flaw for all supported releases of RS & PRA 22.1.x and higher.
Arctic Wolf has not observed exploitation of this vulnerability or identified a publicly available proof-of-concept exploit. While BeyondTrust products have not been exploited in the past, other similar remote access products such as ScreenConnect were targeted earlier this year by ransomware actors. As these products provide privileged remote access to an organization's network, they are a highly valuable target for threat actors.
Recommendations
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
Product | Affected Version | Fixed Version
BeyondTrust Privileged Remote Access (PRA) | |
BeyondTrust Remote Support (RS) | |
Note: Patches are only available for versions that are still supported (i.e., 22.1.x and higher). BeyondTrust applied a patch to all RS/PRA cloud instances on December 16, 2024.
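The note above gives a defender one firm rule to act on: only RS/PRA 22.1.x and higher is supported, so anything older has no patch and must be upgraded before it can be fixed. The script below is an added example (not Arctic Wolf's or BeyondTrust's code) that applies that rule to a host inventory. It assumes an inventory of (host, installed version) pairs and a mapping from release branch to the fixed version the operator has taken from the vendor advisory; the fixed-version values in the demo are constructed placeholders, since this page does not list them.

```python
"""Patch-status triage for the CVE-2024-12356 advisory above.

Added example, not Arctic Wolf's or BeyondTrust's code. For each host it
reports one of: unsupported (pre-22.1, no patch exists, upgrade first),
supported but fixed version not supplied, vulnerable, or patched. Fixed
versions are supplied by the operator from the vendor advisory; the ones
used in the demo are CONSTRUCTED placeholders, not real release numbers.
"""
from __future__ import annotations

import re

# Oldest branch for which BeyondTrust ships a fix (from the advisory note).
MIN_SUPPORTED = (22, 1)

# Dotted integers, optionally followed by a build/hotfix suffix such as '-hotfix2'.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:[-+].*)?")


def parse_version(text: str) -> tuple[int, ...]:
    """'24.3.1' or '24.3.1-hotfix2' -> (24, 3, 1).

    Rejects anything that is not a dotted run of integers so that bad
    inventory data is surfaced instead of being silently sorted as 'old'.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _padded(a: tuple[int, ...], b: tuple[int, ...]) -> tuple[tuple[int, ...], tuple[int, ...]]:
    """Right-pad both tuples with zeros so '24.3' compares equal to '24.3.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def branch_of(version: str) -> str:
    """'24.3.1' -> '24.3': the key used to look up the branch's fixed release."""
    major, minor = _padded(parse_version(version)[:2], (0, 0))[0]
    return f"{major}.{minor}"


def classify(installed: str, fixed_for_branch: str | None) -> str:
    """Return the action for one host.

    fixed_for_branch is the vendor's fixed release for the host's branch, or
    None if the operator has not looked it up yet.
    """
    v = parse_version(installed)
    v_major_minor, min_sup = _padded(v[:2], MIN_SUPPORTED)
    if v_major_minor < min_sup:
        return "unsupported: no patch for this release, upgrade to a supported version"
    if fixed_for_branch is None:
        return "supported: fixed version for this branch not supplied, check vendor advisory"
    v_full, fixed = _padded(v, parse_version(fixed_for_branch))
    if v_full >= fixed:
        return "patched"
    return f"vulnerable: upgrade to {fixed_for_branch}"


def triage(inventory: list[tuple[str, str]], fixed_versions: dict[str, str]) -> dict[str, str]:
    """Map host -> action. fixed_versions maps a branch ('24.3') to its fixed release."""
    report: dict[str, str] = {}
    for host, version in inventory:
        try:
            report[host] = classify(version, fixed_versions.get(branch_of(version)))
        except ValueError as exc:
            report[host] = f"error: {exc}"
    return report


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are made up for the demo.
    inventory = [
        ("pra-01.example", "21.2.1"),   # pre-22.1: out of support, no patch
        ("rs-01.example", "24.3.1"),
        ("rs-02.example", "24.3.2"),
        ("rs-03.example", "23.1.0"),    # branch with no fixed version supplied
        ("rs-04.example", "latest"),    # bad inventory data
    ]
    # PLACEHOLDER fixed release; take the real values from BeyondTrust's advisory.
    fixed_versions = {"24.3": "24.3.2"}
    for host, action in triage(inventory, fixed_versions).items():
        print(f"{host:16} {action}")
```

Versions are compared as padded integer tuples rather than strings, so "24.3" and "24.3.0" are treated as the same release and "24.10" sorts after "24.9"; unparseable entries are reported per host instead of aborting the whole run.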