{"id":1008678,"date":"2023-11-09T06:31:44","date_gmt":"2023-11-09T08:31:44","guid":{"rendered":"https:\/\/teknomers.com\/fr\/alertes-cisa-une-vulnerabilite-slp-de-haute-gravite-est-desormais-exploitee-activement\/"},"modified":"2023-11-09T06:31:48","modified_gmt":"2023-11-09T08:31:48","slug":"alertes-cisa-une-vulnerabilite-slp-de-haute-gravite-est-desormais-exploitee-activement","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/alertes-cisa-une-vulnerabilite-slp-de-haute-gravite-est-desormais-exploitee-activement\/","title":{"rendered":"Alertes CISA\u00a0: une vuln\u00e9rabilit\u00e9 SLP de haute gravit\u00e9 est d\u00e9sormais exploit\u00e9e activement"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">09 novembre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Cyberattaque\/vuln\u00e9rabilit\u00e9<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Alertes-CISA-une-vulnerabilite-SLP-de-haute-gravite-est-desormais.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a publi\u00e9 mercredi <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/11\/08\/cisa-adds-one-known-exploited-vulnerability-catalog\" target=\"_blank\">ajout\u00e9e<\/a> une faille de haute gravit\u00e9 dans le protocole SLP (Service Location Protocol) de son catalogue de vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (KEV), citant des preuves d&#8217;exploitation active.<\/p>\n<p>Suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-29552\" target=\"_blank\"><strong>CVE-2023-29552<\/strong><\/a>  (score CVSS : 7,5), le probl\u00e8me est li\u00e9 \u00e0 une vuln\u00e9rabilit\u00e9 de d\u00e9ni de service (DoS) qui pourrait \u00eatre utilis\u00e9e pour lancer des attaques massives d&#8217;amplification DoS.<\/p>\n<p>Cela a \u00e9t\u00e9 divulgu\u00e9 par Bitsight et Curesec plus t\u00f4t en avril.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/4WnFxcNN\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Les-experts-mettent-en-garde-contre-les-pirates-de-ransomware.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;Le Service Location Protocol (SLP) contient une vuln\u00e9rabilit\u00e9 de d\u00e9ni de service (DoS) qui pourrait permettre \u00e0 un attaquant distant non authentifi\u00e9 d&#8217;enregistrer des services et d&#8217;utiliser du trafic UDP usurp\u00e9 pour mener une attaque par d\u00e9ni de service (DoS) avec un impact significatif. facteur d&#8217;amplification&#8221;, CISA <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">dit<\/a>.<\/p>\n<p>SLP est un protocole qui permet aux syst\u00e8mes d&#8217;un r\u00e9seau local (LAN) de se d\u00e9couvrir et d&#8217;\u00e9tablir des communications.<\/p>\n<p>Les d\u00e9tails exacts concernant la nature de l&#8217;exploitation de la faille sont actuellement inconnus, mais Bitsight avait pr\u00e9c\u00e9demment averti que la faille pourrait \u00eatre exploit\u00e9e pour mettre en sc\u00e8ne un DoS avec un facteur d&#8217;amplification \u00e9lev\u00e9.<\/p>\n<p>&#8220;Ce facteur d&#8217;amplification extr\u00eamement \u00e9lev\u00e9 permet \u00e0 un acteur malveillant disposant de ressources insuffisantes d&#8217;avoir un impact significatif sur un r\u00e9seau et\/ou un serveur cibl\u00e9 via une attaque d&#8217;amplification DoS par r\u00e9flexion&#8221;, pr\u00e9cise-t-il. <a rel=\"nofollow noopener\" href=\"https:\/\/www.bitsight.com\/blog\/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp\" target=\"_blank\">dit<\/a>.<\/p>\n<p>\u00c0 la lumi\u00e8re des attaques r\u00e9elles utilisant cette faille, les agences f\u00e9d\u00e9rales sont tenues d&#8217;appliquer les mesures d&#8217;att\u00e9nuation n\u00e9cessaires, notamment la d\u00e9sactivation du service SLP sur les syst\u00e8mes fonctionnant sur des r\u00e9seaux non fiables, d&#8217;ici le 29 novembre 2023, afin de s\u00e9curiser leurs r\u00e9seaux contre les menaces potentielles.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/11\/cisa-alerts-high-severity-slp.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80209 novembre 2023\ue804R\u00e9dactionCyberattaque\/vuln\u00e9rabilit\u00e9 L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a publi\u00e9 mercredi ajout\u00e9e une faille de haute gravit\u00e9 dans le protocole SLP (Service Location Protocol) de son catalogue de vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (KEV), citant des preuves d&#8217;exploitation active. Suivi comme CVE-2023-29552 (score CVSS : 7,5), le probl\u00e8me est li\u00e9 \u00e0 une [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1008679,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4807,200292,4804,4805,4168,4165,4161,200267,4300,40,36372,11128,11685,4159,4171,200271,200268,200269,200270,128318,4172,4169,158509,196,4166,3667,4164],"class_list":["post-1008678","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-activement","tag-actualites-sur-la-cybersecurite","tag-alertes","tag-cisa","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-desormais","tag-est","tag-exploitee","tag-gravite","tag-haute","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-slp","tag-une","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1008678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1008678"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1008678\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1008679"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1008678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1008678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1008678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}