HomeVulnerabilityCISA Provides Second BeyondTrust Flaw to KEV Catalog Amid Lively Attacks

CISA Provides Second BeyondTrust Flaw to KEV Catalog Amid Lively Attacks

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Distant Entry (PRA) and Distant Help (RS) merchandise to the Recognized Exploited Vulnerabilities (KEV) catalog, citing proof of lively exploitation within the wild.

The vulnerability in query is CVE-2024-12686 (CVSS rating: 6.6), a medium-severity bug that might enable an attacker with current administrative privileges to inject instructions and run as a website person.

Cybersecurity

“BeyondTrust Privileged Distant Entry (PRA) and Distant Help (RS) include an OS command injection vulnerability that may be exploited by an attacker with current administrative privileges to add a malicious file,” CISA mentioned.

“Profitable exploitation of this vulnerability can enable a distant attacker to execute underlying working system instructions throughout the context of the positioning person.”

The addition of CVE-2024-12686 to the KEV catalog comes practically a month after it added one other important security flaw impacting the identical product (CVE-2024-12356, CVSS rating: 9.8) that might additionally result in the execution of arbitrary instructions.

See also  Cloudflare Customers Uncovered to Attacks Launched From Inside Cloudflare: Researchers

BeyondTrust mentioned each vulnerabilities have been found as a part of its investigation right into a cyber incident in early December 2024 that concerned malicious actors leveraging a compromised Distant Help SaaS API key to breach a number of the situations, and reset passwords for native utility accounts.

Though the API key has since been revoked, the precise method wherein the important thing was compromised stays unknown as but. It is suspected that the risk actors exploited the 2 flaws as zero-days to interrupt into BeyondTrust techniques.

Earlier this month, the U.S. Treasury Division revealed its community was breached utilizing the compromised API key in what it mentioned was a “main cybersecurity incident.” The hack has been pinned on a Chinese language state-sponsored group referred to as Silk Hurricane (aka Hafnium).

Cybersecurity

The risk actors are believed to have particularly focused the Treasury’s Workplace of Overseas Property Management (OFAC), Workplace of Monetary Analysis, and the Committee on Overseas Funding in the USA (CFIUS), in accordance with a number of stories from the Washington Publish and CNN.

See also  New TCESB Malware Present in Lively Attacks Exploiting ESET Safety Scanner

Additionally added to the KEV catalog is a now-patched important security vulnerability affecting Qlik Sense (CVE-2023-48365, CVSS rating: 9.9) that enables an attacker to escalate privileges and execute HTTP requests on the backend server internet hosting the software program.

It is price noting that the security flaw has been actively exploited previously by the Cactus ransomware group. Federal businesses are required to use the required patches by February 3, 2024, to safe their networks in opposition to lively threats.

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular