CVE-2024-12356 — BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injec

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

01What is this vulnerability?

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

02Affected products

Vendor	Product	Versions
BeyondTrust	Remote Support	0
BeyondTrust	Privileged Remote Access	0

03Active exploitation status

Yes — actively exploited. Added to the CISA KEV catalog on 2024-12-19. Ransomware use: Unknown.

04Recommended remediation

• Patch to a fixed version listed in the vendor advisory (see references below).
• Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
• Hunt historical logs for exploitation indicators — see Detection signatures below.

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

• Published: 2024-12-17T04:29:07.883Z
• Last modified: 2025-10-21T22:55:34.239Z
• Added to CISA KEV: 2024-12-19
• BOD 22-01 due: 2024-12-27

09References

• www.cve.org — https://www.cve.org/CVERecord?id=CVE-2024-12356
• nvd.nist.gov — https://nvd.nist.gov/vuln/detail/CVE-2024-12356
• www.beyondtrust.com — https://www.beyondtrust.com/trust-center/security-advisories/bt24-10