The BeyondTrust alert identified two exploited vulnerabilities: the critical command injection vulnerability 'CVE-2024-12356' and the medium-severity command injection vulnerability 'CVE-2024-12686'. Command injection vulnerabilities are common application flaws that can be easily exploited to gain access to a target's systems. Despite being common, their presence in a secure remote access product intended for government use has raised eyebrows.
BeyondTrust is a Federal Risk and Authorization Management Program (FedRAMP) vendor. There's speculation that the Treasury may have been using a non-FedRAMP version of BeyondTrust's products. If the breach affected FedRAMP-certified cloud infrastructure, it might be the first breach of one and almost certainly the first time FedRAMP cloud tools were abused to facilitate remote access to a customer's systems.
This breach comes amid US officials' scramble to address a massive espionage campaign compromising US telecoms, attributed to the China-backed hacking group known as Salt Typhoon. White House officials reported that Salt Typhoon breached nine US telecoms.
I cannot believe that we're seeing command injection vulnerabilities in 2024 in any products, let alone a secure remote access product that's supposed to have additional vetting for use by the US government. They are some of the easiest bugs to identify and remediate at this point. - Jake Williams, Vice President of Research and Development at Hunter Strategy