{"id":1094615,"date":"2024-01-10T06:58:33","date_gmt":"2024-01-10T08:58:33","guid":{"rendered":"https:\/\/teknomers.com\/fr\/cisa-signale-6-vulnerabilites-apple-apache-adobe-d-link-joomla-attaques\/"},"modified":"2024-01-10T06:58:37","modified_gmt":"2024-01-10T08:58:37","slug":"cisa-signale-6-vulnerabilites-apple-apache-adobe-d-link-joomla-attaques","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/cisa-signale-6-vulnerabilites-apple-apache-adobe-d-link-joomla-attaques\/","title":{"rendered":"CISA signale 6 vuln\u00e9rabilit\u00e9s \u2013 Apple, Apache, Adobe, D-Link, Joomla attaqu\u00e9s"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">10 janvier 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Gestion des correctifs\/intelligence sur les menaces<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/CISA-signale-6-vulnerabilites-\u2013-Apple-Apache-Adobe-D-Link-Joomla.png\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>L\u2019Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/01\/08\/cisa-adds-six-known-exploited-vulnerabilities-catalog\" target=\"_blank\">ajout\u00e9e<\/a> six failles de s\u00e9curit\u00e9 \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>), citant des preuves d&#8217;une exploitation active.<\/p>\n<p>Ceci comprend <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-27524\" target=\"_blank\">CVE-2023-27524<\/a> (score CVSS : 8,9), une vuln\u00e9rabilit\u00e9 de haute gravit\u00e9 affectant le logiciel open source de visualisation de donn\u00e9es Apache Superset qui pourrait permettre l&#8217;ex\u00e9cution de code \u00e0 distance.  Cela a \u00e9t\u00e9 corrig\u00e9 dans la version 2.1.<\/p>\n<p>Les d\u00e9tails du probl\u00e8me ont \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9s pour la premi\u00e8re fois en avril 2023, Naveen Sunkavally d&#8217;Horizon3.ai le d\u00e9crivant comme une \u00ab configuration par d\u00e9faut dangereuse dans Apache Superset qui permet \u00e0 un attaquant non authentifi\u00e9 d&#8217;ex\u00e9cuter du code \u00e0 distance, de r\u00e9colter des informations d&#8217;identification et de compromettre des donn\u00e9es \u00bb.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/BHcgTukm\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1704092918_732_Nouveau-JinxLoader-ciblant-les-utilisateurs-avec-les-logiciels-malveillants-Formbook.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>On ne sait actuellement pas comment cette vuln\u00e9rabilit\u00e9 est exploit\u00e9e dans la nature.  Cinq autres failles ont \u00e9galement \u00e9t\u00e9 ajout\u00e9es par CISA\u00a0:<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-38203\" target=\"_blank\"><strong>CVE-2023-38203<\/strong><\/a>  (score CVSS\u00a0: 9,8) &#8211; D\u00e9s\u00e9rialisation Adobe ColdFusion de la vuln\u00e9rabilit\u00e9 des donn\u00e9es non fiables<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-29300\" target=\"_blank\"><strong>CVE-2023-29300<\/strong><\/a>  (score CVSS\u00a0: 9,8) &#8211; D\u00e9s\u00e9rialisation Adobe ColdFusion de la vuln\u00e9rabilit\u00e9 des donn\u00e9es non fiables<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-41990\" target=\"_blank\"><strong>CVE-2023-41990<\/strong><\/a>  (score CVSS\u00a0: 7,8) &#8211; Vuln\u00e9rabilit\u00e9 d&#8217;ex\u00e9cution de code dans plusieurs produits Apple<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-20017\" target=\"_blank\"><strong>CVE-2016-20017<\/strong><\/a>  (score CVSS : 9,8) &#8211; Vuln\u00e9rabilit\u00e9 d&#8217;injection de commande des appareils D-Link DSL-2750B<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23752\" target=\"_blank\"><strong>CVE-2023-23752<\/strong><\/a>  (score CVSS : 5,3) &#8211; Joomla!  Vuln\u00e9rabilit\u00e9 de contr\u00f4le d\u2019acc\u00e8s inappropri\u00e9<\/li>\n<\/ul>\n<p>Il convient de noter que CVE-2023-41990, corrig\u00e9 par Apple dans iOS 15.7.8 et iOS 16.3, a \u00e9t\u00e9 utilis\u00e9 par des acteurs inconnus dans le cadre d&#8217;attaques de logiciels espions Operation Triangulation pour r\u00e9aliser l&#8217;ex\u00e9cution de code \u00e0 distance lors du traitement d&#8217;une pi\u00e8ce jointe PDF iMessage sp\u00e9cialement con\u00e7ue.<\/p>\n<p>Il a \u00e9t\u00e9 recommand\u00e9 aux agences du Pouvoir ex\u00e9cutif civil f\u00e9d\u00e9ral (FCEB) d&#8217;appliquer des correctifs aux bogues susmentionn\u00e9s d&#8217;ici le 29 janvier 2024, afin de s\u00e9curiser leurs r\u00e9seaux contre les menaces actives.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/01\/cisa-flags-6-vulnerabilities-apple.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80210 janvier 2024\ue804R\u00e9dactionGestion des correctifs\/intelligence sur les menaces L\u2019Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a ajout\u00e9e six failles de s\u00e9curit\u00e9 \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (KEV), citant des preuves d&#8217;une exploitation active. Ceci comprend CVE-2023-27524 (score CVSS : 8,9), une vuln\u00e9rabilit\u00e9 de haute gravit\u00e9 affectant le logiciel open source de visualisation [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1094616,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,21965,43333,2479,8074,4805,4168,4165,4161,200267,106877,223779,4159,4171,200271,200268,200269,200270,128318,4172,4169,5520,4166,4164,12365],"class_list":["post-1094615","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-adobe","tag-apache","tag-apple","tag-attaques","tag-cisa","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-dlink","tag-joomla","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-signale","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1094615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1094615"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1094615\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1094616"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1094615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1094615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1094615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}