AI description
CVE-2024-12356 is a command injection vulnerability found in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products prior to version 24.3.1. Exploitation allows unauthenticated attackers to execute commands on the underlying operating system with the privileges of the site user. This vulnerability has a CVSS score of 9.8 and is known to be actively exploited. It affects both on-premises and SaaS instances of the affected BeyondTrust products. While patches are available, the responsibility for applying them falls on the customers using these products.
- Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
- Source: 13061848-ea10-403d-bd75-c83a022c2891
- NVD status: Analyzed
- Products: privileged_remote_access, remote_support
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
- Exploit added on: Dec 19, 2024
- Exploit action due: Dec 27, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 12
🚨 A critical pre-auth RCE has been disclosed in BeyondTrust Remote Support and PRA (CVE-2026-1731, CVSS 9.9) Our intel suggests this is another websocket vuln, similar to CVE-2024-12356 🍯We have added a BeyondTrust RS honeypot stream for Defused TF 👉 https://t.co/GXFaq
@DefusedCyber
9 Feb 2026
7886 Impressions
12 Retweets
51 Likes
10 Bookmarks
0 Replies
1 Quote
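🔒 [Alert] Attacks have been confirmed in which zero-day vulnerabilities in PostgreSQL and BeyondTrust are exploited together to achieve remote code execution. • CVE-2025-1094 (PostgreSQL): SQL injection leading to arbitrary shell comm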
@SecTrendjp99886
2 Jun 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
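It has come to light that a PostgreSQL SQL injection vulnerability (CVE-2025-1094) stayed hidden for more than 9 years and was exploited in the U.S. Treasury intrusion. Caused by flawed UTF-8 handling in psql, it was combined with a zero-day (CVE-2024-12356) for a successful attack. It was fixed in February 2025, but because it requires advanced skill, widespread exploitation may be limited.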
@atkmywk
18 Mar 2025
162 Impressions
1 Retweet
1 Like
1 Bookmark
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-12356
@transilienceai
10 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Zero-day vulnerability in PostgreSQL (CVE-2025-1094) allows SQL injection, exploited together with a flaw in BeyondTrust (CVE-2024-12356), affecting the U.S. Department of the Treasury. Updating to versions 17.3, 16.7, 15.11, 14.16 and 13.19 is recommended. https://t.co/qIr3RGmOec
@twuai_
18 Feb 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1094 is a critical SQL injection vulnerability discovered by Rapid7 during the CVE-2024-12356 investigation. It allows attackers to execute arbitrary code via PostgreSQL's interactive tool due to improperly escaped input, with a Metasploit exploit module available.
@GrimmAnalyst
18 Feb 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
POC Released for CVE-2024-12356 https://t.co/mli4pc9tkf
@GrimmAnalyst
18 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PostgreSQL flaw exploited as zero-day in BeyondTrust breach CVE-2024-12356 CVE-2024-12686 #Hacking #infosec #CyberSecurity https://t.co/x6cMARhrUk
@FragmentedSoul5
17 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New PostgreSQL and BeyondTrust Vulnerabilities Exploited in Targeted Attacks 🚨 Recent investigations have uncovered that the same threat actors who exploited the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) zero-day (CVE-2024-12356). https://t.co/9l7wS7
@SecurityJoes
17 Feb 2025
98 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12356: A newly identified vulnerability with security implications. Rapid7 analysis: https://t.co/zcqFibDEBx #CyberSecurity #Vulnerability
@adriananglin
17 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BeyondTrust revealed that attackers breached its systems and 17 Remote Support SaaS instances in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. https://t.co/DEz5kN12Ff
@riskigy
15 Feb 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 A significant breach at BeyondTrust exploited critical PostgreSQL vulnerabilities (CVE-2024-12356, CVE-2025-1094), compromising U.S. Treasury systems. Linked to Chinese state-backed hackers. ⚠️ #China #BeyondTrust #APIvulnerability link: https://t.co/qOW8jUtxDn https://t.co/A
@TweetThreatNews
15 Feb 2025
49 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability CVE-2024-12356 affects BeyondTrust products, linked to an attack on the U.S. Treasury by state-sponsored Chinese actors. A PostgreSQL zero-day also discovered. 🚨 #UStreasury #ZeroDay #RemoteAccess link: https://t.co/Cf9V91VTbx https://t.co/hWHdoq8x9w
@TweetThreatNews
15 Feb 2025
42 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
BeyondTrust revealed that, because of a PostgreSQL security flaw, its systems and 17 Remote Support SaaS instances were hacked in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. 🧉 https://t.co/ggO4tCAQfc
@MarquisioX
14 Feb 2025
106 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Analysis of #PostgreSQL Zero-Day Vulnerability #CVE-2025-1094 and Its Connection to BeyondTrust #CVE-2024-12356 https://t.co/AWS4Gdm0lT
@UndercodeUpdate
13 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our @metasploit exploit module for unauthenticated RCE against BeyondTrust Privileged Remote Access & Remote Support is now available. The exploit can either leverage CVE-2024-12356 and CVE-2025-1094 together, or solely leverage CVE-2025-1094 for RCE: https://t.co/iXW6RsSsDe
@stephenfewer
13 Feb 2025
5092 Impressions
21 Retweets
67 Likes
20 Bookmarks
1 Reply
1 Quote
Today @rapid7 has disclosed CVE-2025-1094, a new PostgreSQL SQLi vuln we discovered while researching CVE-2024-12356 in BeyondTrust Remote Support. Untrusted inputs that have been safely character escaped could still generate SQLi under certain conditions: https://t.co/pfCTejv5oO
@stephenfewer
13 Feb 2025
7909 Impressions
37 Retweets
80 Likes
20 Bookmarks
3 Replies
1 Quote
New Rapid7 vuln disclosure c/o @stephenfewer: CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting — 🧵on its relation to BeyondTrust https://t.co/h4nuEGSGw5
@catc0n
13 Feb 2025
4971 Impressions
17 Retweets
41 Likes
17 Bookmarks
1 Reply
1 Quote
🟡Thousands of BeyondTrust Systems at Risk 8,600+ BeyondTrust instances remain exposed to a critical flaw (CVE-2024-12356, CVSS 9.8) exploited by Chinese APT group Silk Typhoon. Key sectors affected: Government, Defense, Education, Research. ⚠️ Patch now or isolate vulnerable…
@Osec__
18 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The vulnerability, tracked as CVE-2024-12356, is a command injection flaw that could be exploited by a malicious actor to run arbitrary commands as the site user. Read More: https://t.co/eyHPmM0fBF
@pinakinit1
15 Jan 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #BeyondTrust: active exploitation in the wild detected for CVE-2024-12686 and CVE-2024-12356, affecting #RemoteSupport and #PrivilegedRemoteAccess Risk: 🔴 Type: 🔸 Remote Code Execution 🔗 https://t.co/dFhjeYWZCJ ⚠ Important upd… https://t.co/WW6zMr5nl7
@Vulcanux_
14 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Orders Agencies to Patch BeyondTrust Vulnerabilities 🚨 Two critical flaws in BeyondTrust's Privileged Remote Access and Remote Support software (CVE-2024-12686 & CVE-2024-12356) are being actively exploited by attackers, including Chinese state-backed group Silk… ht
@arunpratap786
13 Jan 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA flags BeyondTrust vulnerabilities CVE-2024-12686 and CVE-2024-12356 as exploited by Silk Typhoon in a breach affecting the U.S. Treasury. Ensuring network security is crucial! 🔒🇺🇸 #SilkTyphoon #APIsecurity #USTreasury #CybersecurityNews link: https://t.co/jkWGxzGcoV http
@TweetThreatNews
13 Jan 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
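Data breach at the U.S. Treasury Department: did a Chinese APT get in via BeyondTrust? https://t.co/6tWBzXLQDb As a precursor to this data breach at the U.S. Treasury, exploitation of the BeyondTrust vulnerability CVE-2024-12356 had been reported by numerous media outlets. At this point, the Treasury and BeyondTrust… https://t.co/ikkE2edL5y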
@iototsecnews
13 Jan 2025
98 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Heads up, cybersecurity pros: 8,600+ BeyondTrust instances are exposed online. Are your systems patched against CVE-2024-12356 & CVE-2024-12686? Manual checks recommended. Stay secure! #CyberSecurity #PatchNow https://t.co/SVlM1TSzyu
@ThreatVector24
7 Jan 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
May the forth never be with you #gforce g0vid #treasurydepartment $napsho_t 1819 1.1T iwant from @meta just figure it out The #BeyondTrust bug, tracked under CVE-2024-12356
@f13ldfx
6 Jan 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Suggested timely Security Copilot prompt: Tell me about CVE-2024-12356 and CVE-2024-12686 that was involved in a recent United States Treasury Department hack by China. Identify if these impact my own environment and give me the CVSS scores that I can include in a report to my… h
@rodtrent
6 Jan 2025
459 Impressions
1 Retweet
5 Likes
2 Bookmarks
0 Replies
0 Quotes
Chinese hackers exploit critical BeyondTrust vulnerability (CVE-2024-12356) targeting exposed systems despite recent US Treasury breach. More details here: https://t.co/t2NGnOAaxY #BeyondTrust #China #USTreasuryBreach
@CandidTodayTech
6 Jan 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12356 is getting exploited #inthewild. Find out more at https://t.co/3uT3uYC4yM CVE-2021-44207 is getting exploited #inthewild. Find out more at https://t.co/rBRpk3iXZi CVE-2024-3393 is getting exploited #inthewild. Find out more at https://t.co/E9g2BcF5E3
@inthewildio
4 Jan 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Over 8,600 BeyondTrust systems remain exposed online, with 72% in the US! A critical vulnerability (CVE-2024-12356) is being exploited by Chinese state-sponsored hackers. CVSS 9.8 🔒 #BeyondTrust #CyberThreats #USA #CybersecurityNews link: https://t.co/Mwmcim89Yy https://t.co
@TweetThreatNews
3 Jan 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: Chinese hackers breach US treasury- third-party alert triggers cybersecurity pro CVE-2024-12356 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/f4o28axtcx #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
2 Jan 2025
9 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
💡 January 2 Advisory: Actively Exploited Vulnerability in #BeyondTrust Products [CVE-2024-12356] https://t.co/zQVudHVEDA via @censysio #infosec #cybersecurity
@jc_vazquez
2 Jan 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 U.S. Treasury hacked! Suspected Chinese hackers exploited a stolen API key via BeyondTrust, accessing computers & unclassified docs. Critical flaws (CVE-2024-12356) actively exploited. Treasury works with CISA & FBI. Secure your third-party tools! #DataBreach #APT
@Haa384039
31 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 BeyondTrust Remote Support and Privileged Remote Access (PRA) Critical Vulnerability (#CVE-2024-12356) https://t.co/Mbx7HwoMdy
@dailycve
30 Dec 2024
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert: CVE-2024-12356 Command Injection Vulnerability in BeyondTrust RS & PRA 🚨 WIRE TOR - The Ethical Hacking Services A critical command injection vulnerability (CVE-2024-12356) has been identified in BeyondTrust Remote Support (RS) and Privileged Remote. #hac
@WireTor
29 Dec 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-12856 2 - CVE-2024-9047 3 - CVE-2024-3393 4 - CVE-2024-49112 5 - CVE-2024-12356 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
29 Dec 2024
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-12356 : Critical Severity Command Injection Vulnerability in BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA) 🔥EXP : https://t.co/FNxvyXFucp 📊 30k+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/TAXXM2IjOa
@HunterMapping
27 Dec 2024
3632 Impressions
17 Retweets
63 Likes
17 Bookmarks
4 Replies
1 Quote
CVE-2024-12356, is a critical severity command injection vulnerability. If successfully exploited it can allow an unauthenticated remote threat actor to execute underlying operating system commands within the context of the site user. https://t.co/y2D7CSRGVT
@ChannelSkell
26 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability identified as CVE-2024-12356 was recently published for the (PRA) and Remote Support (RS) products. This vulnerability is of the command injection type and allows hackers to execute commands without authentication. https://t.co/Poz3aKYxT1 https://t.co/EMXd0x7yVc
@AmirHossein_sec
26 Dec 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D402E4B5-D3EA-4AD1-8954-92FB6A873906",
            "versionEndIncluding": "24.3.1"
          },
          {
            "criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD0D0CD2-E8CE-40B6-B8F0-2FB1A98DA3F8",
            "versionEndIncluding": "24.3.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]