AI Security AI安全 3d ago Updated 3d ago 更新于 3天前 42

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA BeyondTrust 修复远程支持和 PRA 中的关键身份验证绕过漏洞

BeyondTrust patched four critical vulnerabilities in Remote Support and Privileged Remote Access products, including two allowing unauthenticated remote code execution via auth bypass. The vulnerabilities were discovered internally during security assessments with assistance from public AI models like Anthropic Claude Opus 4.8 and proprietary tools. CVE-2026-40138 and CVE-2026-40139 (CVSS 9.2) enable full appliance takeover, while CVE-2026-40140 causes denial-of-service and CVE-2026-40141 allows BeyondTrust修复了Remote Support和PRA产品中的多个关键漏洞,包括允许未认证攻击者绕过身份验证并获取设备控制权的严重缺陷。 漏洞利用主要依赖于特定的身份验证配置或受限权限账户,其中两个高危漏洞(CVSS 9.2)涉及预认证阶段的访问控制绕过。 此次安全评估得到了Anthropic Claude Opus 4.8等公开AI模型的协助,体现了AI在内部安全审计和漏洞发现中的应用。 尽管目前未发现野外利用案例,但鉴于该系列产品过往常被用于部署Web Shell和后门,建议用户立即升级至修复版本。

65
Hot 热度
60
Quality 质量
55
Impact 影响力

Analysis 深度分析

TL;DR

  • BeyondTrust patched four critical vulnerabilities in Remote Support and Privileged Remote Access products, including two allowing unauthenticated remote code execution via auth bypass.
  • The vulnerabilities were discovered internally during security assessments with assistance from public AI models like Anthropic Claude Opus 4.8 and proprietary tools.
  • CVE-2026-40138 and CVE-2026-40139 (CVSS 9.2) enable full appliance takeover, while CVE-2026-40140 causes denial-of-service and CVE-2026-40141 allows privilege escalation for limited users.
  • Updates are available in Remote Support and PRA version 25.3.3 and above, addressing risks highlighted by previous exploits targeting similar products.

Why It Matters

This incident highlights the growing integration of generative AI into enterprise security workflows, specifically for vulnerability discovery and code auditing. For security practitioners, it underscores the urgency of patching privileged access management tools, which are high-value targets for attackers seeking lateral movement and persistent access.

Technical Details

  • CVE-2026-40138 & CVE-2026-40139 (CVSS 9.2): Pre-authentication flaws in the authentication subsystem allowing unauthenticated attackers to bypass access controls and gain elevated privileges, contingent on specific authentication configurations.
  • CVE-2026-40140 (CVSS 8.7): A denial-of-service vulnerability in the network communication subsystem due to insufficient validation of client-supplied input.
  • CVE-2026-40141 (CVSS 8.5): An authorization bypass in the web application component allowing authenticated users with limited privileges to access unintended resources.
  • Remediation: Users must upgrade to Remote Support and Privileged Remote Access versions 25.3.3 or higher.
  • Discovery Method: Vulnerabilities were identified using a combination of proprietary research tooling and public AI models, notably Anthropic Claude Opus 4.8.

Industry Insight

  • AI-Assisted Security Validation: The explicit mention of using large language models for internal security assessments signals a shift toward AI-augmented threat hunting and code review, requiring organizations to evaluate the efficacy and safety of such tools.
  • Supply Chain Risk in PAM Solutions: Privileged Access Management tools remain critical infrastructure; organizations should prioritize immediate patching and monitor for exploit kits targeting these specific CVEs, given the history of similar BeyondTrust flaws being weaponized.
  • Configuration Dependency: The reliance on specific configurations for exploitation suggests that hardening authentication settings can serve as an effective compensating control while patches are deployed.

TL;DR

  • BeyondTrust修复了Remote Support和PRA产品中的多个关键漏洞,包括允许未认证攻击者绕过身份验证并获取设备控制权的严重缺陷。
  • 漏洞利用主要依赖于特定的身份验证配置或受限权限账户,其中两个高危漏洞(CVSS 9.2)涉及预认证阶段的访问控制绕过。
  • 此次安全评估得到了Anthropic Claude Opus 4.8等公开AI模型的协助,体现了AI在内部安全审计和漏洞发现中的应用。
  • 尽管目前未发现野外利用案例,但鉴于该系列产品过往常被用于部署Web Shell和后门,建议用户立即升级至修复版本。

为什么值得看

本文揭示了大型企业在内部安全审计中整合通用大语言模型(如Claude Opus 4.8)以增强漏洞发现能力的实际案例,为AI辅助网络安全提供了参考。同时,针对特权远程访问产品的关键身份验证绕过漏洞警示了企业需严格审查默认配置和补丁管理策略,以防潜在的高级持续性威胁。

技术解析

  • 漏洞详情与风险等级:修复了四个关键CVE,其中CVE-2026-40138和CVE-2026-40139的CVSS评分高达9.2,属于预认证漏洞,允许网络定位的攻击者在特定配置下绕过访问控制获取提升的特权;CVE-2026-40140(CVSS 8.7)可导致拒绝服务;CVE-2026-40141(CVSS 8.5)允许低权限用户越权访问数据。
  • AI辅助安全评估:BeyondTrust明确指出,其内部安全评估过程使用了Anthropic Claude Opus 4.8等公共AI模型以及专有研究工具来识别这些漏洞,展示了生成式AI在企业级代码审计和安全测试中的集成应用。
  • 受影响版本与修复方案:受影响的软件包括Remote Support (RS) 和 Privileged Remote Access (PRA)。修复版本为RS 25.3.3及以上和PRA 25.3.3及以上,旧版本(25.3.2及更低)存在风险。
  • 历史背景与威胁情报:虽然当前漏洞未被证实正在被野外利用,但该系列产品历史上曾频繁遭受针对CVE-2024-12356和CVE-2026-1731的攻击,攻击者常借此部署Web Shell和后门,因此紧急修补至关重要。

行业启示

  • AI赋能安全运营:企业应积极探索将LLM集成到DevSecOps流程中,特别是在代码审查、模糊测试和日志分析环节,以提升自动化安全检测的效率覆盖面。
  • 配置管理与最小权限原则:鉴于多个高危漏洞依赖于“特定身份验证配置”,企业必须定期审计远程访问产品的配置状态,禁用不必要的功能,并遵循最小权限原则以降低攻击面。
  • 补丁管理的紧迫性:对于涉及特权访问和远程控制的基础设施软件,即使厂商暂未报告野外利用,也应建立快速响应机制,优先应用关键安全补丁,防止成为后续大规模攻击的目标。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全