From e60be7fcfbbcc2dce07aba955525da21efda9d35 Mon Sep 17 00:00:00 2001
From: jenkins-metasploit <jenkins-metasploit@build-production.r7ops.com>
Date: Mon, 17 Feb 2025 16:51:25 +0000
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 62 +++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 52c06aca10..5f09c9a172 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -70682,6 +70682,68 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/beyondtrust_pra_rs_unauth_rce": {
+    "name": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution",
+    "fullname": "exploit/linux/http/beyondtrust_pra_rs_unauth_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-12-16",
+    "type": "exploit",
+    "author": [
+      "sfewer-r7"
+    ],
+    "description": "This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote\n          Access (PRA) and Remote Support (RS), with the privileges of the site user of the targeted BeyondTrust\n          product site. This exploit targets PRA and RS versions 24.3.1 and below.",
+    "references": [
+      "CVE-2024-12356",
+      "CVE-2025-1094",
+      "URL-https://www.beyondtrust.com/trust-center/security-advisories/bt24-10",
+      "URL-https://www.postgresql.org/support/security/CVE-2025-1094/",
+      "URL-https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd",
+    "rport": 443,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Default"
+    ],
+    "mod_time": "2025-02-17 16:33:11 +0000",
+    "path": "/modules/exploits/linux/http/beyondtrust_pra_rs_unauth_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/beyondtrust_pra_rs_unauth_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/bitbucket_git_cmd_injection": {
     "name": "Bitbucket Git Command Injection",
     "fullname": "exploit/linux/http/bitbucket_git_cmd_injection",