The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability has already been exploited by attackers.
The vulnerability, tracked as CVE-2024-12356, has been rated 9.8 on the CVSS scale. It is a command injection flaw that allows attackers to execute arbitrary commands in the context of the site user.
CISA reports that the vulnerability affects BeyondTrust PRA and RS products and enables unauthorized individuals to inject commands that are executed with the site user's permissions. Cloud instances have already been updated; users of on-premises versions are advised to install patch BT24-10-onprem or BT24-10-onprem2, as recommended by the vendor.
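The advisory names the vulnerability class (command injection) but not the vulnerable code. The following added example is not BeyondTrust's code and is not derived from the patched products; it shows the general pattern behind this bug class, which is what an appliance would be vulnerable to: a request parameter interpolated into a shell command line, alongside a hardened version that validates the input against an allowlist and passes it to the program as a discrete argument, so shell metacharacters are never interpreted. The function names, the `ping` wrapper and the hostname pattern are assumptions chosen for illustration.

```python
import re
import subprocess

# Hypothetical vulnerable handler (not BeyondTrust's code): the user-controlled
# value is spliced into a string that is later handed to a shell, so any shell
# metacharacters in it (';', '&&', '|', '$(...)') become part of the command.
def vulnerable_command(hostname: str) -> str:
    return f"ping -c 1 {hostname}"

# Allowlist for a hostname: letters, digits, dots and hyphens only, bounded length.
# Anything outside this set, including every shell metacharacter, is rejected.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")

def hardened_argv(hostname: str) -> list[str]:
    """Return the command as an argv list after validating the untrusted value.

    Two independent defences: the allowlist rejects metacharacters outright,
    and the argv list means no shell is involved even if validation were
    bypassed, because the value is delivered to ping as one literal argument.
    """
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return ["ping", "-c", "1", hostname]

def echo_literal(value: str) -> str:
    """Demonstrate that an argv list delivers the value verbatim (no shell).

    Uses `echo` instead of `ping` so it runs offline; with shell=False the
    string "x; id" is printed back as-is rather than executing a second command.
    """
    result = subprocess.run(["echo", value], capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")

if __name__ == "__main__":
    # Constructed malicious input; in the vulnerable builder it survives intact.
    injected = "example.com; id"
    print("vulnerable command line:", vulnerable_command(injected))
    print("hardened argv:", hardened_argv("example.com"))
    try:
        hardened_argv(injected)
    except ValueError as exc:
        print("hardened builder rejected input:", exc)
    print("argv list keeps metacharacters literal:", echo_literal(injected))
```

The practical mitigation point for reviewers is the second line of defence: even where input validation is incomplete, never route user-controlled data through a shell; invoke the target program directly with an argument vector.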
Active exploitation of the vulnerability was confirmed after BeyondTrust reported a cyber incident in which its Remote Support SaaS environment was compromised. The attackers gained access to an API key and used it to reset passwords on local accounts.
Furthermore, during an investigation involving third-party experts, another vulnerability of medium severity was discovered: CVE-2024-12686 (CVSS 6.6). It permits attackers with administrative access to execute commands with the site user's rights; the issue is fixed in the latest software versions.
PRA and RS users should apply patch BT24-11-ONPREM1 or a later version, depending on their current software version. BeyondTrust has notified affected customers, although the scope of the attack and the identity of the attackers have not been disclosed.
The inclusion of CVE-2024-12356 in CISA's Known Exploited Vulnerabilities catalog underscores its severity. Users are strongly urged to install the necessary updates promptly to mitigate the risk.