CVE-2024-12686 MEDIUM

CVE-2024-12686: Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)

Vendor Beyondtrust

Product Remote Support(RS) & Privileged Remote Access(PRA)

Weakness CWE-78

KEV Status Known Exploited

Published December 18, 2024

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

6.6/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

December 18, 2024 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-12686 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html CISA KEV Reference https://www.beyondtrust.com/trust-center/security-advisories/b… CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2024-12686

Related vulnerabilities

Identifiers

CVE CVE-2024-12686

CWE CWE-78

CVSS 6.6 / MEDIUM

Affected versions