CISA: Second BeyondTrust Vulnerability Added to KEV Catalog


CISA added a command injection vulnerability (CVE-2024-12686, BT24-11) to its Known Exploited Vulnerabilities (KEV) Catalog and urged federal agencies to apply patches. The flaw was discovered during BeyondTrust’s security investigation following a December 2024 breach of the U.S. Treasury Department linked to the Chinese hacking group Silk Typhoon. The attackers exploited third-party access to steal data. BeyondTrust released patches for both cloud-based and self-hosted versions of its Remote Support and Privileged Remote Access products. The flaw allows attackers with administrative privileges to execute commands on compromised systems.

Read More


thumb-image

Solutions