// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-wedgDTG 0600Z
ColdRecon / Breach Radar / BeyondTrust
Breach Record

BeyondTrust

DISCLOSED 2024-12-19 · UNPATCHED CVE

Attackers breached BeyondTrust's Remote Support SaaS instances using a compromised API key, enabling password resets of local accounts. Two command injection vulnerabilities (CVE-2024-12686 and CVE-2024-12356) were subsequently disclosed, with CVE-2024-12356 added to CISA's Known Exploited Vulnerabilities catalog. The incident highlights risks in privileged access management tools.

The record

What we know

Disclosed
2024-12-19
Attack vector
Unpatched Cve
Sources

Cited reporting

Similar vector · recent

Other unpatched cve breaches on file

This page is the permanent ColdRecon entry for the BeyondTrust disclosure. It updates if new public reporting emerges. All tracked breaches →

BeyondTrust just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →