← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-12686 — Actively Exploited: Privileged Remote Access (PRA) and Remote Support (RS) (BeyondTrust)

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operat

CVE IDCVE-2024-12686
VendorBeyondTrust
ProductPrivileged Remote Access (PRA) and Remote Support (RS)
Vulnerability nameBeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerabilit
Date added2025-01-13
Remediation due2025-02-03
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionBeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →