CVE-2024-12686: Command Injection vulnerability in Remote Support (RS) & Privileged Remote Access (PRA)

6.6 CVSS

Description

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

Known Exploited

🚨 Marked as known exploited on January 13th, 2025 (4 months ago).

Classification

CVE ID: CVE-2024-12686

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.6

CVSS Vector:

Affected Products

Vendor: BeyondTrust

Product: Remote Support (RS) & Privileged Remote Access (PRA)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 6.18% (probability of being exploited)

EPSS Percentile: 93.56% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12686
https://www.beyondtrust.com/trust-center/security-advisories/bt24-11

Timeline