{"id":1017144,"date":"2023-11-15T03:25:49","date_gmt":"2023-11-15T05:25:49","guid":{"rendered":"https:\/\/teknomers.com\/fr\/urgent-vmware-met-en-garde-contre-une-vulnerabilite-critique-de-cloud-director-non-corrigee\/"},"modified":"2023-11-15T03:25:53","modified_gmt":"2023-11-15T05:25:53","slug":"urgent-vmware-met-en-garde-contre-une-vulnerabilite-critique-de-cloud-director-non-corrigee","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/urgent-vmware-met-en-garde-contre-une-vulnerabilite-critique-de-cloud-director-non-corrigee\/","title":{"rendered":"Urgent\u00a0: VMware met en garde contre une vuln\u00e9rabilit\u00e9 critique de Cloud\u00a0Director non corrig\u00e9e"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">15 novembre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 r\u00e9seau \/ Vuln\u00e9rabilit\u00e9<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Urgent-VMware-met-en-garde-contre-une-vulnerabilite-critique-de.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>VMware met en garde contre une faille de s\u00e9curit\u00e9 critique et non corrig\u00e9e dans Cloud Director qui pourrait \u00eatre exploit\u00e9e par un acteur malveillant pour contourner les protections d&#8217;authentification.<\/p>\n<p>Suivi comme <strong>CVE-2023-34060<\/strong> (score CVSS : 9,8), la vuln\u00e9rabilit\u00e9 affecte les instances qui ont \u00e9t\u00e9 mises \u00e0 niveau vers la version 10.5 \u00e0 partir d&#8217;une ancienne version.<\/p>\n<p>&#8220;Sur une version mise \u00e0 niveau de VMware Cloud Director Appliance 10.5, un acteur malveillant ayant un acc\u00e8s r\u00e9seau \u00e0 l&#8217;appliance peut contourner les restrictions de connexion lors de l&#8217;authentification sur le port 22 (ssh) ou le port 5480 (console de gestion de l&#8217;appliance)&#8221;, indique la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2023-0026.html\" target=\"_blank\">dit<\/a> dans une alerte.<\/p>\n<p>&#8220;Ce contournement n&#8217;est pas pr\u00e9sent sur le port 443 (connexion du fournisseur VCD et du locataire). Sur une nouvelle installation de VMware Cloud Director Appliance 10.5, le contournement n&#8217;est pas pr\u00e9sent.&#8221;<\/p>\n<p>La soci\u00e9t\u00e9 de services de virtualisation a en outre not\u00e9 que l&#8217;impact est d\u00fb au fait qu&#8217;elle utilise une version de SSD du syst\u00e8me d&#8217;exploitation Photon sous-jacent qui est affect\u00e9e par <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/vmware\/photon\/wiki\/security-advisory-CVE-2023-34060\" target=\"_blank\">CVE-2023-34060<\/a>.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/pjHvTZON\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Turla-met-a-jour-la-porte-derobee-Kazuar-avec-une.gif\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Dustin Hartle du fournisseur de solutions informatiques Ideal Integrations a \u00e9t\u00e9 reconnu pour avoir d\u00e9couvert et signal\u00e9 les lacunes.<\/p>\n<p>Bien que VMware n&#8217;ait pas encore publi\u00e9 de correctif pour le probl\u00e8me, il a fourni un <a rel=\"nofollow noopener\" href=\"https:\/\/kb.vmware.com\/s\/article\/95534\" target=\"_blank\">solution de contournement<\/a> sous la forme d&#8217;un script shell (&#8220;WA_CVE-2023-34060.sh&#8221;).<\/p>\n<p>Il a \u00e9galement soulign\u00e9 que la mise en \u0153uvre de l&#8217;att\u00e9nuation temporaire ne n\u00e9cessiterait pas de temps d&#8217;arr\u00eat et n&#8217;aurait aucun effet secondaire sur la fonctionnalit\u00e9 des installations de Cloud Director.<\/p>\n<p>Ce d\u00e9veloppement intervient quelques semaines apr\u00e8s que VMware a publi\u00e9 des correctifs pour une autre faille critique dans vCenter Server (CVE-2023-34048, score CVSS : 9,8) qui pourrait entra\u00eener l&#8217;ex\u00e9cution de code \u00e0 distance sur les syst\u00e8mes concern\u00e9s.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/11\/urgent-vmware-warns-of-unpatched.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80215 novembre 2023\ue804R\u00e9dactionS\u00e9curit\u00e9 r\u00e9seau \/ Vuln\u00e9rabilit\u00e9 VMware met en garde contre une faille de s\u00e9curit\u00e9 critique et non corrig\u00e9e dans Cloud Director qui pourrait \u00eatre exploit\u00e9e par un acteur malveillant pour contourner les protections d&#8217;authentification. Suivi comme CVE-2023-34060 (score CVSS : 9,8), la vuln\u00e9rabilit\u00e9 affecte les instances qui ont \u00e9t\u00e9 mises \u00e0 niveau vers la [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1017145,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,214905,4168,841,59777,22,4165,4161,200267,525,4159,4171,200271,4955,200268,200269,200270,128318,4172,4169,196,4038,4166,34910,3667,4164],"class_list":["post-1017144","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-clouddirector","tag-comment-pirater","tag-contre","tag-corrigee","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-garde","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-met","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-une","tag-urgent","tag-violation-de-donnees","tag-vmware","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1017144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1017144"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1017144\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1017145"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1017144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1017144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1017144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}