Attackers have been exploiting a second vulnerability in BeyondTrust’s remote management solutions, CISA warns.
January 14, 2025 By Ionut Arghire
The US cybersecurity agency CISA is urging federal agencies to patch a second vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) enterprise solutions, based on evidence of active exploitation.
Tracked as CVE-2024-12686, the flaw is a medium-severity command injection issue that was discovered during BeyondTrust’s investigation into the compromise of a limited number of customer RS SaaS instances, including one associated with the US Department of Treasury.
The attack on the US Treasury was disclosed on December 31 and was attributed to Chinese hackers. The state-sponsored threat actor known as Silk Typhoon was reportedly responsible for the intrusion.
