CISA Adds New BeyondTrust Vulnerability to KEV Catalog

U.S. CISA Flags New Security Flaw in BeyondTrust Products: CVE-2024-12686

Introduction
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability tracked as CVE-2024-12686 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw affects BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products, and there is evidence that it is being actively exploited. Although rated medium severity with a CVSS score of 6.6, the bug poses a serious risk to organizations running these widely deployed products precisely because exploitation is already under way.

Understanding CVE-2024-12686
CISA reports that the vulnerability allows an attacker who already holds administrative privileges to perform OS command injection. In practice this could let a malicious actor upload harmful files and execute commands in the context of the site user.

Some key details about CVE-2024-12686 include:

  • Vulnerability Type: OS command injection
  • Potential Impact: Execution of underlying OS commands
  • Severity Score: 6.6 (medium severity)

Background on Recent Vulnerabilities
The addition of CVE-2024-12686 follows the earlier inclusion of another, critical vulnerability, CVE-2024-12356, which carries a higher CVSS score of 9.8. Both vulnerabilities were uncovered during BeyondTrust's investigation of a cyber incident in December 2024. Malicious actors used a compromised Remote Support SaaS API key to breach systems and reset passwords for local accounts. The API key has since been revoked, but how it was compromised remains under investigation.

Implications of the Breach
The breach has broader implications, particularly for U.S. federal agencies. Recently, the U.S. Treasury Department reported that its network was compromised using the same API key linked to BeyondTrust products. This incident has been attributed to the Chinese state-sponsored group, Silk Typhoon (also known as Hafnium), which specifically targeted various Treasury departments, including the Office of Foreign Assets Control (OFAC).

Additional Vulnerabilities Added to KEV
CISA also added a critical vulnerability affecting Qlik Sense (CVE-2023-48365, CVSS score: 9.9) to the KEV catalog. This flaw allows attackers to escalate privileges and execute HTTP requests on the backend server, and it was previously exploited by the Cactus ransomware group. Federal agencies must apply the necessary patches by February 3, 2024, to mitigate these active threats.
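A small triage helper a defender might write on top of KEV additions like these, as an added example (not code from this article, CISA, or BeyondTrust): it reads records laid out with the field names of CISA's KEV JSON feed, matches them against an asset inventory by vendor and product, and reports the remediation deadline for each hit. The catalog excerpt and the inventory below are constructed for the example, and the dates in them are placeholders rather than the catalog's real values.

```python
import json
from datetime import date

# Constructed sample modelled on the KEV feed's field names; all dates are
# placeholders for this example, and CVE-0000-0001 is a dummy non-matching entry.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-12686", "vendorProject": "BeyondTrust",
     "product": "Privileged Remote Access (PRA) and Remote Support (RS)",
     "dateAdded": "2025-01-13", "dueDate": "2025-02-03",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-12356", "vendorProject": "BeyondTrust",
     "product": "Privileged Remote Access (PRA) and Remote Support (RS)",
     "dateAdded": "2024-12-19", "dueDate": "2024-12-27",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-48365", "vendorProject": "Qlik", "product": "Sense",
     "dateAdded": "2025-01-13", "dueDate": "2025-02-03",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "Widget",
     "dateAdded": "2025-01-13", "dueDate": "2025-02-03",
     "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed asset inventory, written the way a CMDB might record vendor/product.
INVENTORY = [
    {"asset": "jump-host-01", "vendor": "BeyondTrust", "product": "Remote Support"},
    {"asset": "bi-server-02", "vendor": "Qlik", "product": "Qlik Sense Enterprise"},
    {"asset": "web-03", "vendor": "Apache", "product": "HTTP Server"},
]
EXAMPLE_TODAY = date(2025, 1, 20)  # fixed "today" so the output is deterministic

def _matches(entry, asset):
    """Vendor must match; product names differ between CMDB and catalog,
    so accept any shared product word (ignoring the connective 'and')."""
    vendor_ok = entry["vendorProject"].lower() in asset["vendor"].lower()
    kev_words = {w.strip("()").lower() for w in entry["product"].split()} - {"and"}
    inv_words = {w.lower() for w in asset["product"].split()}
    return vendor_ok and bool(kev_words & inv_words)

def triage(kev_json, inventory, today):
    """Return inventory/KEV hits with due date, days remaining and overdue flag."""
    findings = []
    for asset in inventory:
        for entry in json.loads(kev_json)["vulnerabilities"]:
            if _matches(entry, asset):
                due = date.fromisoformat(entry["dueDate"])
                findings.append({"asset": asset["asset"], "cveID": entry["cveID"],
                                 "dueDate": entry["dueDate"], "overdue": due < today,
                                 "daysRemaining": (due - today).days,
                                 "ransomware": entry["knownRansomwareCampaignUse"] == "Known"})
    return sorted(findings, key=lambda f: (f["dueDate"], f["cveID"]))

def run_example():
    return triage(KEV_SAMPLE, INVENTORY, EXAMPLE_TODAY)

if __name__ == "__main__":
    for f in run_example():
        print(f"{f['asset']:<13} {f['cveID']:<16} due {f['dueDate']} "
              f"({f['daysRemaining']:+d} days){' OVERDUE' if f['overdue'] else ''}")
```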

Conclusion
As cybersecurity threats continue to evolve, organizations using BeyondTrust products need to remain vigilant. The discovery of CVE-2024-12686, and its addition to the KEV catalog on evidence of active exploitation, underlines the need to apply updates promptly and to monitor for suspicious activity on the affected systems.
