
Description

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

PUBLISHED Reserved 2024-12-16 | Published 2024-12-18 | Updated 2025-10-21 | Assigner BT




MEDIUM: 6.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2025-01-13 | Due date 2025-02-03

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status: unaffected

Any version: affected

References

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2024-12686 government-resource

nvd.nist.gov/vuln/detail/CVE-2024-12686

www.beyondtrust.com/trust-center/security-advisories/bt24-11

cve.org (CVE-2024-12686)

nvd.nist.gov (CVE-2024-12686)
