{"id":1004824,"date":"2023-11-06T19:34:41","date_gmt":"2023-11-06T21:34:41","guid":{"rendered":"https:\/\/teknomers.com\/fr\/qnap-publie-un-correctif-pour-2-failles-critiques-menacant-vos-appareils-nas\/"},"modified":"2023-11-06T19:34:45","modified_gmt":"2023-11-06T21:34:45","slug":"qnap-publie-un-correctif-pour-2-failles-critiques-menacant-vos-appareils-nas","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/qnap-publie-un-correctif-pour-2-failles-critiques-menacant-vos-appareils-nas\/","title":{"rendered":"QNAP publie un correctif pour 2 failles critiques mena\u00e7ant vos appareils NAS"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">06 novembre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 des donn\u00e9es<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/QNAP-publie-un-correctif-pour-2-failles-critiques-menacant-vos.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>QNAP a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 pour corriger deux failles de s\u00e9curit\u00e9 critiques affectant son syst\u00e8me d&#8217;exploitation et pouvant entra\u00eener l&#8217;ex\u00e9cution de code arbitraire.<\/p>\n<p>Suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/www.qnap.com\/en-uk\/security-advisory\/qsa-23-31\" target=\"_blank\">CVE-2023-23368<\/a> (score CVSS : 9,8), la vuln\u00e9rabilit\u00e9 est d\u00e9crite comme un bug d&#8217;injection de commandes affectant QTS, QuTS hero et QuTScloud.<\/p>\n<p>&#8220;Si elle est exploit\u00e9e, cette vuln\u00e9rabilit\u00e9 pourrait permettre \u00e0 des attaquants distants d&#8217;ex\u00e9cuter des commandes via un r\u00e9seau&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9 dans un avis publi\u00e9 ce week-end.<\/p>\n<p>La lacune s&#8217;\u00e9tend aux versions ci-dessous &#8211;<\/p>\n<ul>\n<li>QTS 5.0.x (corrig\u00e9 dans QTS 5.0.1.2376 build 20230421 et versions ult\u00e9rieures)<\/li>\n<li>QTS 4.5.x (corrig\u00e9 dans QTS 4.5.4.2374 build 20230416 et versions ult\u00e9rieures)<\/li>\n<li>QuTS hero h5.0.x (Corrig\u00e9 dans QuTS hero h5.0.1.2376 build 20230421 et versions ult\u00e9rieures)<\/li>\n<li>QuTS hero h4.5.x (Corrig\u00e9 dans QuTS hero h4.5.4.2374 build 20230417 et versions ult\u00e9rieures)<\/li>\n<li>QuTScloud c5.0.x (corrig\u00e9 dans QuTScloud c5.0.1.2374 et versions ult\u00e9rieures)<\/li>\n<\/ul>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/wiz-inside-desk\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Turla-met-a-jour-la-porte-derobee-Kazuar-avec-une.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>QNAP a \u00e9galement corrig\u00e9 une autre faille d&#8217;injection de commandes dans QTS, la console multim\u00e9dia et le module compl\u00e9mentaire Media Streaming (<a rel=\"nofollow noopener\" href=\"https:\/\/www.qnap.com\/en-uk\/security-advisory\/qsa-23-35\" target=\"_blank\">CVE-2023-23369<\/a>score CVSS : 9,0) qui pourrait permettre \u00e0 des attaquants distants d&#8217;ex\u00e9cuter des commandes via un r\u00e9seau.<\/p>\n<p>Les versions suivantes du logiciel sont concern\u00e9es &#8211;<\/p>\n<ul>\n<li>QTS 5.1.x (corrig\u00e9 dans QTS 5.1.0.2399 build 20230515 et versions ult\u00e9rieures)<\/li>\n<li>QTS 4.3.6 (Corrig\u00e9 dans QTS 4.3.6.2441 build 20230621 et versions ult\u00e9rieures)<\/li>\n<li>QTS 4.3.4 (Corrig\u00e9 dans QTS 4.3.4.2451 build 20230621 et versions ult\u00e9rieures)<\/li>\n<li>QTS 4.3.3 (Corrig\u00e9 dans QTS 4.3.3.2420 build 20230621 et versions ult\u00e9rieures)<\/li>\n<li>QTS 4.2.x (corrig\u00e9 dans QTS 4.2.6 build 20230621 et versions ult\u00e9rieures)<\/li>\n<li>Console multim\u00e9dia 2.1.x (corrig\u00e9 dans la console multim\u00e9dia 2.1.2 (04\/05\/2023) et versions ult\u00e9rieures)<\/li>\n<li>Console multim\u00e9dia 1.4.x (corrig\u00e9 dans la console multim\u00e9dia 1.4.8 (05\/05\/2023) et versions ult\u00e9rieures)<\/li>\n<li>Module compl\u00e9mentaire Media Streaming 500.1.x (corrig\u00e9 dans le module compl\u00e9mentaire Media Streaming 500.1.1.2 (2023\/06\/12) et versions ult\u00e9rieures)<\/li>\n<li>Module compl\u00e9mentaire Media Streaming 500.0.x (corrig\u00e9 dans le module compl\u00e9mentaire Media Streaming 500.0.0.11 (2023\/06\/16) et versions ult\u00e9rieures)<\/li>\n<\/ul>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/pjHvTZON\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Turla-met-a-jour-la-porte-derobee-Kazuar-avec-une.gif\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Les appareils QNAP ayant \u00e9t\u00e9 exploit\u00e9s pour des attaques de ransomware dans le pass\u00e9, les utilisateurs ex\u00e9cutant l&#8217;une des versions susmentionn\u00e9es sont invit\u00e9s \u00e0 mettre \u00e0 jour vers la derni\u00e8re version pour att\u00e9nuer les menaces potentielles.<\/p>\n<p>Le d\u00e9veloppement intervient des semaines apr\u00e8s que la soci\u00e9t\u00e9 ta\u00efwanaise <a rel=\"nofollow noopener\" href=\"https:\/\/www.qnap.com\/en\/security-news\/2023\/qnap-in-collaboration-with-digital-ocean-successfully-prevents-nas-weak-password-attacks-to-ensure-user-data-security\" target=\"_blank\">divulgu\u00e9<\/a> il a supprim\u00e9 un serveur malveillant utilis\u00e9 dans des attaques par force brute g\u00e9n\u00e9ralis\u00e9es ciblant des p\u00e9riph\u00e9riques de stockage en r\u00e9seau (NAS) expos\u00e9s \u00e0 Internet avec des mots de passe faibles.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/11\/qnap-releases-patch-for-2-critical.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80206 novembre 2023\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 des donn\u00e9es QNAP a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 pour corriger deux failles de s\u00e9curit\u00e9 critiques affectant son syst\u00e8me d&#8217;exploitation et pouvant entra\u00eener l&#8217;ex\u00e9cution de code arbitraire. Suivi comme CVE-2023-23368 (score CVSS : 9,8), la vuln\u00e9rabilit\u00e9 est d\u00e9crite comme un bug d&#8217;injection de commandes affectant QTS, QuTS hero [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1004825,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,8737,4168,32471,5729,4165,4161,200267,4806,4159,4171,200271,3499,200268,5266,200269,200270,185,2212,27510,128318,4172,4169,4166,690,4164],"class_list":["post-1004824","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-appareils","tag-comment-pirater","tag-correctif","tag-critiques","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-failles","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-menacant","tag-mises-a-jour-sur-la-cybersecurite","tag-nas","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-pour","tag-publie","tag-qnap","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vos","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1004824","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1004824"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1004824\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1004825"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1004824"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1004824"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1004824"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}