Pierluigi Paganini
January 13, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
CVE-2024-12686 (CVSS score of 6.6) The flaw is an OS Command Injection Vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS). An attacker with existing administrative privileges can exploit the flaw to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user. In early December 2024, the privileged access management company BeyondTrust suffered a cyberattack after threat actors breached some of its Remote Support SaaS instances.
In December, China-linked threat actors breached the U.S. Treasury Department via a compromised remote support platform. The Treasury Department discovered the security breach on December 8th from its vendor BeyondTrust, according to a letter to lawmakers.
The investigation into the cyberattack against BeyondTrust led to the discovery of the zero-day vulnerabilities CVE-2024-12356 and CVE-2024-12686. Threat actors exploited the flaws to take over Remote Support SaaS instances, including the Treasury Department’s one.
CVE-2023-48365 (CVSS score of 9.6) is a Qlik Sense HTTP Tunneling Vulnerability. TheHTTP tunneling vulnerability enables attackers to escalate privileges and send HTTP requests to the backend server.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
CISA orders federal agencies to fix this vulnerability by February 3, 2025.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA Known Exploited Vulnerabilities catalog)
