Lucene search
+L

261 matches found

BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.11 views

The vulnerability of the Remote Support remote support tool and the Privileged Remote Access remote access tool lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to enhance their privileges and execute arbitrary commands.

The vulnerability of the BeyondTrust Remote Support and Privileged Remote Access software lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute...

9CVSS8.2AI score0.13788EPSS
Exploits0References2Affected Software2
The Hacker News
The Hacker News
added 2025/01/18 6:6 a.m.8 views

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon

The U.S. Treasury Department's Office of Foreign Assets Control OFAC has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/14 3:21 a.m.16 views

CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access PRA and Remote Support RS products to the Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The...

9.9CVSS10AI score0.87991EPSS
Exploits8
CISA
CISA
added 2025/01/13 12:0 p.m.24 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686link is external BeyondTrust Privileged Remote Access PRA and Remote Support RS OS Command Injection Vulnerability CVE-2023-48365link is external Qlik Sen...

9.9CVSS7.8AI score0.24676EPSS
In wildExploits0References7
CISA KEV Catalog
CISA KEV Catalog
added 2025/01/13 12:0 a.m.12 views

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability

BeyondTrust Privileged Remote Access PRA and Remote Support RS contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execut...

7.2CVSS7.8AI score0.13788EPSS
In wildExploits0
BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.8 views

The vulnerability of the Remote Support remote support tool and the Privileged Remote Access remote access tool lies in the lack of measures to neutralize special elements, allowing attackers to enhance their privileges and execute arbitrary commands.

The vulnerability of the BeyondTrust Remote Support and Privileged Remote Access software products is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary commands by sendin...

10CVSS8.2AI score0.87991EPSS
Exploits8References5Affected Software2
The Hacker News
The Hacker News
added 2025/01/07 8:43 a.m.5 views

CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it's working closely with the Treasury Department and BeyondTrust to get a better...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/01/02 12:0 a.m.26 views

BeyondTrust Remote Support (RS) <= 24.3.1 Command Injection (BT24-10)

The version of BeyondTrust Remote Support RS running on the remote host is prior or equal to 24.3.1. It is, therefore, potentially affected by a command injection vulnerability. - All BeyondTrust Remote Support RS versions contain a command injection vulnerability which can be exploited through a...

9.8CVSS7.4AI score0.87991EPSS
Exploits8References3
Tenable Nessus
Tenable Nessus
added 2025/01/01 12:0 a.m.7 views

BeyondTrust Privileged Remote Access Detection

Binary data beyondtrustprivilegedremoteaccessdetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/01 12:0 a.m.17 views

Beyondtrust Remote Support Detection

Binary data beyondtrustremotesupportdetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/01 12:0 a.m.7 views

BeyondTrust Privileged Remote Access Unsupported Version Detection

Binary data beyondtrustprivilegedremoteaccessunsupported.nbin...

7.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/01/01 12:0 a.m.16 views

BeyondTrust Remote Support Unsupported Version Detection

Binary data beyondtrustremotesupportunsupported.nbin...

7.3AI score
Exploits0References2
The Hacker News
The Hacker News
added 2024/12/31 5:42 a.m.18 views

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust,...

9.8CVSS9.7AI score0.87991EPSS
Exploits8
The Hacker News
The Hacker News
added 2024/12/20 4:30 a.m.17 views

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access PRA and Remote Support RS products to the Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The...

9.8CVSS10AI score0.87991EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
added 2024/12/19 12:0 a.m.38 views

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability

BeyondTrust Privileged Remote Access PRA and Remote Support RS contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user...

9.8CVSS7.8AI score0.87991EPSS
In wildExploits8
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.4 views

PT-2024-12773 · Beyondtrust · Beyondtrust Remote Support

Name of the Vulnerable Software and Affected Versions: BeyondTrust Remote Support SaaS affected versions not specified Description: A security issue allowed hackers to exploit and breach Remote Support SaaS instances, resulting in the resetting of local account passwords. The incident led to the...

6.9AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/19 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-12356

BeyondTrust Privileged Remote Access PRA and Remote Support RS contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user...

9.8CVSS5.7AI score0.87991EPSS
Exploits8References1
Circl
Circl
added 2024/12/18 8:30 p.m.13 views

CVE-2024-12686

creationtimestamp| type| source ---|---|--- 2024-12-18 20:30:23+00:00| seen| https://infosec.exchange/users/cve/statuses/113675719318388901 2024-12-18 22:54:10+00:00| seen| https://t.me/cvedetector/13251 2024-12-19 17:22:24+00:00| seen|...

7.2CVSS7.4AI score0.13788EPSS
Exploits0References27
NCSC
NCSC
added 2024/12/18 10:42 a.m.6 views

Vulnerability fixed in BeyondTrust Privileged Remote Access

BeyondTrust has fixed a vulnerability in Privileged Remote Access and Remote Support products. The vulnerability is located within the Privileged Remote Access and Remote Support products, allowing unauthenticated attackers to execute commands as a site user. The attack can lead to unauthorized...

9.8CVSS7.1AI score0.87991EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-12686

BeyondTrust Privileged Remote Access PRA and Remote Support RS contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to...

7.2CVSS5.9AI score0.13788EPSS
Exploits0References1
Rows per page
Query Builder