AI description
CVE-2024-12356 is a command injection vulnerability found in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products prior to version 24.3.1. Exploitation allows unauthenticated attackers to execute commands on the underlying operating system with the privileges of the site user. This vulnerability has a CVSS score of 9.8 and is known to be actively exploited. It affects both on-premises and SaaS instances of the affected BeyondTrust products. While patches are available, the responsibility for applying them falls on the customers using these products.
- Description
- A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
- Source
- 13061848-ea10-403d-bd75-c83a022c2891
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
- Exploit added on
- Dec 19, 2024
- Exploit action due
- Dec 27, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Vulnerabilidad zero-day en PostgreSQL (CVE-2025-1094) permite inyecciones SQL, explotada junto a fallo en BeyondTrust (CVE-2024-12356) afectando al Departamento del Tesoro de EE. UU. Se recomienda actualizar a versiones 17.3, 16.7, 15.11, 14.16 y 13.19. https://t.co/qIr3RGmOec
@twuai_
18 Feb 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1094 is a critical SQL injection vulnerability discovered by Rapid7 during the CVE-2024-12356 investigation. It allows attackers to execute arbitrary code via PostgreSQL's interactive tool due to improperly escaped input, with a Metasploit exploit module available.
@GrimmAnalyst
18 Feb 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
POC Released for CVE-2024-12356 https://t.co/mli4pc9tkf
@GrimmAnalyst
18 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PostgreSQL flaw exploited as zero-day in BeyondTrust breach CVE-2024-12356 CVE-2024-12686 #Hacking #infosec #CyberSecurity https://t.co/x6cMARhrUk
@FragmentedSoul5
17 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New PostgreSQL and BeyondTrust Vulnerabilities Exploited in Targeted Attacks 🚨 Recent investigations have uncovered that the same threat actors who exploited the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) zero-day (CVE-2024-12356). https://t.co/9l7wS7
@SecurityJoes
17 Feb 2025
98 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12356: A newly identified vulnerability with security implications. Rapid7 analysis: https://t.co/zcqFibDEBx #CyberSecurity #Vulnerability
@adriananglin
17 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BeyondTrust revealed that attackers breached its systems and 17 Remote Support SaaS instances in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. https://t.co/DEz5kN12Ff
@riskigy
15 Feb 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 A significant breach at BeyondTrust exploited critical PostgreSQL vulnerabilities (CVE-2024-12356, CVE-2025-1094), compromising U.S. Treasury systems. Linked to Chinese state-backed hackers. ⚠️ #China #BeyondTrust #APIvulnerability link: https://t.co/qOW8jUtxDn https://t.co/A
@TweetThreatNews
15 Feb 2025
49 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability CVE-2024-12356 affects BeyondTrust products, linked to an attack on the U.S. Treasury by state-sponsored Chinese actors. A PostgreSQL zero-day also discovered. 🚨 #UStreasury #ZeroDay #RemoteAccess link: https://t.co/Cf9V91VTbx https://t.co/hWHdoq8x9w
@TweetThreatNews
15 Feb 2025
42 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
BeyondTrust reveló que por una falla de seguridad de PostgreSQL hackearon sus sistemas y 17 instancias de SaaS de soporte remoto a principios de diciembre utilizando dos errores de día cero (CVE-2024-12356 y CVE-2024-12686) y una clave API robada. 🧉 https://t.co/ggO4tCAQfc
@MarquisioX
14 Feb 2025
106 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Analysis of #PostgreSQL Zero-Day Vulnerability #CVE-2025-1094 and Its Connection to BeyondTrust #CVE-2024-12356 https://t.co/AWS4Gdm0lT
@UndercodeUpdate
13 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our @metasploit exploit module for unauthenticated RCE against BeyondTrust Privileged Remote Access & Remote Support is now available. The exploit can either leverage CVE-2024-12356 and CVE-2025-1094 together, or solely leverage CVE-2025-1094 for RCE: https://t.co/iXW6RsSsDe
@stephenfewer
13 Feb 2025
5092 Impressions
21 Retweets
67 Likes
20 Bookmarks
1 Reply
1 Quote
Today @rapid7 has disclosed CVE-2025-1094, a new PostgreSQL SQLi vuln we discovered while researching CVE-2024-12356 in BeyondTrust Remote Support. Untrusted inputs that have been safely character escaped could still generate SQLi under certain conditions: https://t.co/pfCTejv5oO
@stephenfewer
13 Feb 2025
7909 Impressions
37 Retweets
80 Likes
20 Bookmarks
3 Replies
1 Quote
New Rapid7 vuln disclosure c/o @stephenfewer: CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting — 🧵on its relation to BeyondTrust https://t.co/h4nuEGSGw5
@catc0n
13 Feb 2025
4971 Impressions
17 Retweets
41 Likes
17 Bookmarks
1 Reply
1 Quote
🟡Thousands of BeyondTrust Systems at Risk 8,600+ BeyondTrust instances remain exposed to a critical flaw (CVE-2024-12356, CVSS 9.8) exploited by Chinese APT group Silk Typhoon. Key sectors affected: Government, Defense, Education, Research. ⚠️ Patch now or isolate vulnerable…
@Osec__
18 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The vulnerability, tracked as CVE-2024-12356, is a command injection flaw that could be exploited by a malicious actor to run arbitrary commands as the site user. Read More: https://t.co/eyHPmM0fBF
@pinakinit1
15 Jan 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #BeyondTrust: rilevato lo sfruttamento attivo in rete delle CVE-2024-12686 e CVE-2024-12356, relative a #RemoteSupport e #PrivilegedRemoteAccess Rischio: 🔴 Tipologia: 🔸 Remote Code Execution 🔗 https://t.co/dFhjeYWZCJ ⚠ Importante agg… https://t.co/WW6zMr5nl7
@Vulcanux_
14 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Orders Agencies to Patch BeyondTrust Vulnerabilities 🚨 Two critical flaws in BeyondTrust's Privileged Remote Access and Remote Support software (CVE-2024-12686 & CVE-2024-12356) are being actively exploited by attackers, including Chinese state-backed group Silk… ht
@arunpratap786
13 Jan 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA flags BeyondTrust vulnerabilities CVE-2024-12686 and CVE-2024-12356 as exploited by Silk Typhoon in a breach affecting the U.S. Treasury. Ensuring network security is crucial! 🔒🇺🇸 #SilkTyphoon #APIsecurity #USTreasury #CybersecurityNews link: https://t.co/jkWGxzGcoV http
@TweetThreatNews
13 Jan 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
米国の財務省で発生したデータ侵害:中国 APT が BeyondTrust 経由で侵入? https://t.co/6tWBzXLQDb この、米財務省で発生したデータ侵害の前兆として、BeyondTrust の脆弱性 CVE-2024-12356 の悪用が、数多くのメディアから報道されていました。 いまのことろ、財務省と BeyondTrust… https://t.co/ikkE2edL5y
@iototsecnews
13 Jan 2025
98 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Heads up, cybersecurity pros: 8,600+ BeyondTrust instances are exposed online. Are your systems patched against CVE-2024-12356 & CVE-2024-12686? Manual checks recommended. Stay secure! #CyberSecurity #PatchNow https://t.co/SVlM1TSzyu
@ThreatVector24
7 Jan 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
May the forth never be with you #gforce g0vid #treasurydepartment $napsho_t 1819 1.1T iwant from @meta just figure it out The #BeyondTrust bug, tracked under CVE-2024-12356
@f13ldfx
6 Jan 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Suggested timely Security Copilot prompt: Tell me about CVE-2024-12356 and CVE-2024-12686 that was involved in a recent United States Treasury Department hack by China. Identify if these impact my own environment and give me the CVSS scores that I can include in a report to my… h
@rodtrent
6 Jan 2025
459 Impressions
1 Retweet
5 Likes
2 Bookmarks
0 Replies
0 Quotes
Chinese hackers exploit critical BeyondTrust vulnerability (CVE-2024-12356) targeting exposed systems despite recent US Treasury breach. More details here: https://t.co/t2NGnOAaxY #BeyondTrust #China #USTreasuryBreach
@CandidTodayTech
6 Jan 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12356 is getting exploited #inthewild. Find out more at https://t.co/3uT3uYC4yM CVE-2021-44207 is getting exploited #inthewild. Find out more at https://t.co/rBRpk3iXZi CVE-2024-3393 is getting exploited #inthewild. Find out more at https://t.co/E9g2BcF5E3
@inthewildio
4 Jan 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Over 8,600 BeyondTrust systems remain exposed online, with 72% in the US! A critical vulnerability (CVE-2024-12356) is being exploited by Chinese state-sponsored hackers. CVSS 9.8 🔒 #BeyondTrust #CyberThreats #USA #CybersecurityNews link: https://t.co/Mwmcim89Yy https://t.co
@TweetThreatNews
3 Jan 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: Chinese hackers breach US treasury- third-party alert triggers cybersecurity pro CVE-2024-12356 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/f4o28axtcx #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
2 Jan 2025
9 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
💡 January 2 Advisory: Actively Exploited Vulnerability in #BeyondTrust Products [CVE-2024-12356] https://t.co/zQVudHVEDA via @censysio #infosec #cybersecurity
@jc_vazquez
2 Jan 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 U.S. Treasury hacked! Suspected Chinese hackers exploited a stolen API key via BeyondTrust, accessing computers & unclassified docs. Critical flaws (CVE-2024-12356) actively exploited. Treasury works with CISA & FBI. Secure your third-party tools! #DataBreach #APT
@Haa384039
31 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 BeyondTrust Remote Support and Privileged Remote Access (PRA) Critical Vulnerability (#CVE-2024-12356) https://t.co/Mbx7HwoMdy
@dailycve
30 Dec 2024
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert: CVE-2024-12356 Command Injection Vulnerability in BeyondTrust RS & PRA 🚨 WIRE TOR - The Ethical Hacking Services A critical command injection vulnerability (CVE-2024-12356) has been identified in BeyondTrust Remote Support (RS) and Privileged Remote. #hac
@WireTor
29 Dec 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-12856 2 - CVE-2024-9047 3 - CVE-2024-3393 4 - CVE-2024-49112 5 - CVE-2024-12356 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
29 Dec 2024
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-12356 : Critical Severity Command Injection Vulnerability in BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA) 🔥EXP : https://t.co/FNxvyXFucp 📊 30k+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/TAXXM2IjOa
@HunterMapping
27 Dec 2024
3632 Impressions
17 Retweets
63 Likes
17 Bookmarks
4 Replies
1 Quote
CVE-2024-12356, is a critical severity command injection vulnerability. If successfully exploited it can allow an unauthenticated remote threat actor to execute underlying operating system commands within the context of the site user. https://t.co/y2D7CSRGVT
@ChannelSkell
26 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
تازگی برای محصول (PRA) و Remote Support (RS) آسیب پذیری با کد شناسایی CVE-2024-12356 منتشر شده است. این آسیب پذیری از نوع command injection بوده و به هکرها اجازه می دهد که بدون احراز هویت کامند اجرا کنند. https://t.co/Poz3aKYxT1 https://t.co/EMXd0x7yVc
@AmirHossein_sec
26 Dec 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA warns of an actively exploited critical flaw (CVE-2024-12356, CVSS: 9.8) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products. Attackers can exploit this flaw to run arbitrary commands—no authentication required. Read:… https://t.co/9m0Nl
@Cyberwald_talks
24 Dec 2024
34 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12356 alert 🚨 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability Recheck The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #Info
@Patrowl_io
24 Dec 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA warns of an actively exploited critical flaw (CVE-2024-12356, CVSS: 9.8) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products. Attackers can exploit this flaw to run arbitrary commands—no authentication required. Read: https://t.co/hFf2ZWpQew
@L8on_Hargrave
23 Dec 2024
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds critical BeyondTrust vulnerability (CVE-2024-12356) to KEV catalog due to active exploitation. Update self-hosted versions immediately! #Cybersecurity #BeyondTrust #Vulnerability https://t.co/7SBfTtRsnq
@TLDRStories
23 Dec 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12356 alert 🚨 BeyondTrust: Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec htt
@Patrowl_io
23 Dec 2024
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BeyondTrust SaaS Breach Comprehensive Breakdown #BeyondTrust #SaaSBreach #CVE-2024-12356 https://t.co/KAUvmZCZum
@pravin_karthik
23 Dec 2024
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
5/8 For on-premise systems, upgrade to at least 22.1.x before applying the patch to protect against CVE-2024-12356. 🔄🛠️ #CybersecurityUpdate
@Eth1calHackrZ
23 Dec 2024
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
1/8 🚨 BeyondTrust addresses critical command injection flaw, CVE-2024-12356, in its PRA & RS products. Immediate patching advice! 🛡️ #CybersecurityPatch #RemoteAccess
@Eth1calHackrZ
23 Dec 2024
13 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-54150 2 - CVE-2023-34990 3 - CVE-2024-12356 4 - CVE-2024-56145 5 - CVE-2024-12727 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 Dec 2024
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Breaking: BeyondTrust confirms hackers breached Remote Support SaaS instances using CVE-2024-12356, a critical command injection flaw. 🔒 Patches applied for cloud instances; self-hosted users must act quickly to secure systems. Read more here: BleepingComputer (Source:… htt
@Funker_Dev
22 Dec 2024
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Atención, profesionales de ciberseguridad: la vulnerabilidad CVE-2024-12356 en BeyondTrust pone en riesgo datos críticos. ¡Actúa ahora! Infórmate sobre cómo protegerte: https://t.co/eIgjYv7aO1 #Ciberseguridad #BeyondTrust #Vulnerabilidades
@SotyHub
21 Dec 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness BeyondTrust Security Incident - Command Injection and Escalation Weaknesses (CVE-2024-12356, CVE-2024-12686) | 20-12-2024 Source: https://t.co/shhSZVUHbb Key details below ↓ 💀Threats: Beyondtrust_tool, 🔓CVEs: CVE-2024-12686… https://t.co/hIM8LDx
@rst_cloud
21 Dec 2024
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers breached BeyondTrust's Remote Support SaaS instances, exploiting a critical command injection flaw. This cyberattack enabled them to access a SaaS API and reset account passwords. 🚨 CVE-2024-12356 - CVSS 9.8 CISA has added this critical 9.8 rated flaw to its Known… htt
@cytexsmb
20 Dec 2024
390 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
1 Quote
🚨 BeyondTrust has fixed a critical command injection vulnerability (CVE-2024-12356) in their Remote Access and Support solutions. All users must apply the patch to prevent remote code execution risks. 🔒 #BeyondTrustSecurity #RemoteAccessRisks #Cybersec… https://t.co/5wAUbK9oO5
@TweetThreatNews
20 Dec 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installations to test the patch and
@cybertzar
20 Dec 2024
61 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D402E4B5-D3EA-4AD1-8954-92FB6A873906",
"versionEndIncluding": "24.3.1"
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD0D0CD2-E8CE-40B6-B8F0-2FB1A98DA3F8",
"versionEndIncluding": "24.3.1"
}
],
"operator": "OR"
}
]
}
]