BeyondTrust Breach: Cybersecurity Comedy of Errors Continues with Command Injection Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in BeyondTrust Privileged Remote Access and Remote Support to its catalog. The flaw, which scores a whopping 9.8 on the CVSS scale, allows attackers to inject commands that run as the site user. BeyondTrust is working to patch up the digital dike.

Hot Take:
When it comes to cybersecurity, BeyondTrust might be feeling a bit “BeyondTrustworthy” right now. With vulnerabilities popping up like daisies in spring and hackers playing “Simon Says” with their command injections, it’s time for them to patch up faster than a caffeine-fueled coder on a deadline!

Key Points:
- CISA adds a critical security flaw in BeyondTrust products to the Known Exploited Vulnerabilities catalog.
- The vulnerability (CVE-2024-12356) scores a whopping 9.8 on the CVSS scale.
- The flaw allows malicious actors to run arbitrary commands as the site user.
- BeyondTrust faced a cyber attack earlier this month, leading to unauthorized access to a Remote Support SaaS API key.
- Two vulnerabilities have been identified, with patches released for affected versions.