Critical BeyondTrust RCE flaw now exploited in attacks, patch now
BeyondTrust Remote Support and Privileged Remote Access appliances contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) with a CVSS score of 9.9. The flaw allows unauthenticated attackers to execute operating system commands through crafted requests, which may lead to system takeover. SaaS versions have been patched automatically, but on-premises deployments must be updated manually. The vulnerability is now being actively exploited.

2026-2-12 21:45:17 Author: www.bleepingcomputer.com


A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online.

Tracked as CVE-2026-1731 and assigned a near-maximum CVSS score of 9.9, the flaw affects BeyondTrust Remote Support versions 25.3.1 and earlier and Privileged Remote Access versions 24.3.4 and earlier.

BeyondTrust disclosed the vulnerability on February 6, warning that unauthenticated attackers could exploit it by sending specially crafted client requests.


"BeyondTrust Remote Support and older versions of Privileged Remote Access contain a critical pre-authentication remote code execution vulnerability that may be triggered through specially crafted client requests," explained BeyondTrust.

"Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption."

BeyondTrust automatically patched all Remote Support and Privileged Remote Access SaaS instances on February 2, 2026, but on-premise customers must install patches manually.

CVE-2026-1731 is now exploited in the wild

Hacktron discovered the vulnerability and responsibly disclosed it to BeyondTrust on January 31.

Hacktron says approximately 11,000 BeyondTrust Remote Support instances were exposed online, with around 8,500 on-premises deployments.

Ryan Dewhurst, head of threat intelligence at watchTowr, now reports that attackers have begun actively exploiting the vulnerability, warning that if devices are not patched, they should be assumed to be compromised.

"Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Dewhurst posted on X.

"Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel."

This exploitation comes a day after a proof-of-concept exploit was published on GitHub targeting the same /get_portal_info endpoint.

The attacks target exposed BeyondTrust portals to retrieve the 'X-Ns-Company' identifier, which is then used to open a WebSocket connection to the targeted device. This allows the attackers to execute commands on vulnerable systems.

Organizations using self-hosted BeyondTrust Remote Support or Privileged Remote Access appliances should immediately apply available patches or upgrade to the latest versions.

BleepingComputer contacted BeyondTrust and Dewhurst to ask if they had any details on post-exploitation activity and will update this story if we receive a response.


Source: https://www.bleepingcomputer.com/news/security/critical-beyondtrust-rce-flaw-now-exploited-in-attacks-patch-now/