EUVD-2024-51049

🗓️ 18 Dec 2024 20:23:57Reported by EUVDType

Vulnerability discovered in Privileged Remote Access enabling command injection by administrative users.

Reporter	Title	Published	Views	Family All 20
ATTACKERKB	CVE-2024-12686	18 Dec 202400:00	–	attackerkb
BDU FSTEC	The vulnerability of the Remote Support remote support tool and the Privileged Remote Access remote access tool lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to enhance their privileges and execute arbitrary commands.	27 Jan 202500:00	–	bdu_fstec
Tenable Nessus	BeyondTrust Privileged Remote Access (PRA) <= 24.3.1 Multiple Vulnerabilities	2 Jan 202500:00	–	nessus
Tenable Nessus	BeyondTrust Remote Support (RS) <= 24.3.1 Multiple Vulnerabilities	2 Jan 202500:00	–	nessus
Circl	CVE-2024-12686	18 Dec 202420:30	–	circl
CISA KEV Catalog	BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability	13 Jan 202500:00	–	cisa_kev
CISA	CISA Adds Two Known Exploited Vulnerabilities to Catalog	13 Jan 202512:00	–	cisa
CNNVD	BeyondTrust Privileged Remote Access 安全漏洞	18 Dec 202400:00	–	cnnvd
CVE	CVE-2024-12686	18 Dec 202420:23	–	cve
Cvelist	CVE-2024-12686 Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)	18 Dec 202420:23	–	cvelist

[
  {
    "enisaIdVendor": [
      {
        "id": "febd1302-d218-3074-8d6a-0f2f069e1eea",
        "vendor": {
          "name": "BeyondTrust"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "a0fa6857-feab-3c52-8e06-3b1390700b1f",
        "product": {
          "name": "Remote Support(RS) & Privileged Remote Access(PRA)"
        },
        "product_version": "0 ≤24.3.1"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-12686
beyondtrust	www.beyondtrust.com/trust-center/security-advisories/bt24-11

30 Jul 2025 01:36Current

8.5High risk

Vulners AI Score8.5

CVSS 3.16.6 - 7.2

EPSS0.31531