CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks - SecurityWeek

CISA warns of active exploitation of CVE-2024-12686, a command injection flaw in BeyondTrust solutions, following a previous vulnerability exploited by Chinese hackers. Federal agencies have three weeks to patch the vulnerability, while all organizations are advised to prioritize patching or remove affected products.