BeyondTrust RS/PRA, Pre-auth RCE, CVE-2024-12356 (Critical)

Listen to this Post

This vulnerability is a pre-authentication command injection flaw in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). It resides in how the application handles specific incoming requests. An unauthenticated attacker can send a specially crafted HTTP request to the vulnerable appliance . Due to improper neutralization of special elements used in OS commands, the server passes malicious input directly to the underlying operating system. This allows the attacker to execute arbitrary system commands with the privileges of the site user, leading to full system compromise without any prior authentication .

DailyCVE Form:

Platform: BeyondTrust RS/PRA
Version: Vulnerable builds
Vulnerability : Pre-auth RCE
Severity: CRITICAL
date: February 2026

Prediction: Patches already available

What Undercode Say:

Analytics:

The exploitation of CVE-2024-12356 is now active in attacks following public PoC releases . This flaw is often chained with compromised API keys (CVE-2024-12686) to maximize damage, turning a single access point into a full network breach . Given that these are remote access tools, the potential for lateral movement and data exfiltration is extremely high.

Exploit:

A Proof-of-Concept exploit typically sends a malicious POST request to inject commands.

Example curl command structure (conceptual)
curl -k "https://target-victim:port/PathOfVulnerability" -d "param=value; whoami"

Protection from this CVE:

  1. Patch Immediately: Apply the latest security updates provided by BeyondTrust for on-premises instances. Cloud instances were patched in December 2024 .
  2. Network Segmentation: Restrict access to the admin interfaces of Remote Support and PRA appliances to trusted internal IPs only.
  3. API Key Rotation: Rotate all API keys and service account credentials immediately, enforcing least-privilege access policies .
  4. Monitor Logs: Hunt for suspicious child processes (like `cmd.exe` or /bin/sh) spawned by the web application user and unexpected outbound network connections.

Impact:

Successful exploitation grants an unauthenticated attacker complete remote control of the appliance . This can lead to a full compromise of privileged access management, exposure of credentials, and persistent backdoor access to the entire IT infrastructure managed by the tool.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: www.cve.org
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top