Detections
Analytics
CVE-2024-12356
critical
Description
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
References
https://www.theregister.com/2025/02/14/postgresql_bug_treasury/
https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html
https://www.securityweek.com/cisa-warns-of-second-beyondtrust-vulnerability-exploited-in-attacks/
https://www.darkreading.com/threat-intelligence/thousands-of-buggy-beyondtrust-systems-still-exposed
Details
Published: 2024-12-17
Updated: 2025-03-10
Named Vulnerability: BeyondTrust Remote Support SaaS Zero-DayKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.935
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability Being Monitored