{"id":1099482,"date":"2024-01-13T11:54:26","date_gmt":"2024-01-13T13:54:26","guid":{"rendered":"https:\/\/teknomers.com\/fr\/vulnerabilite-rce-critique-decouverte-dans-les-pare-feu-et-les-commutateurs-ex-juniper-srx\/"},"modified":"2024-01-13T11:54:30","modified_gmt":"2024-01-13T13:54:30","slug":"vulnerabilite-rce-critique-decouverte-dans-les-pare-feu-et-les-commutateurs-ex-juniper-srx","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/vulnerabilite-rce-critique-decouverte-dans-les-pare-feu-et-les-commutateurs-ex-juniper-srx\/","title":{"rendered":"Vuln\u00e9rabilit\u00e9 RCE critique d\u00e9couverte dans les pare-feu et les commutateurs EX Juniper SRX"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">13 janvier 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 du r\u00e9seau<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Vulnerabilite-RCE-critique-decouverte-dans-les-pare-feu-et-les-commutateurs.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Juniper Networks a publi\u00e9 des mises \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 critique d&#8217;ex\u00e9cution de code \u00e0 distance (RCE) dans ses pare-feu SRX Series et ses commutateurs EX Series.<\/p>\n<p>Le probl\u00e8me, suivi comme <strong>CVE-2024-21591<\/strong>est not\u00e9 9,8 sur le syst\u00e8me de notation CVSS.<\/p>\n<p>&#8220;Une vuln\u00e9rabilit\u00e9 d&#8217;\u00e9criture hors limites dans J-Web de Juniper Networks Junos OS SRX Series et EX Series permet \u00e0 un attaquant non authentifi\u00e9 bas\u00e9 sur le r\u00e9seau de provoquer un d\u00e9ni de service (DoS) ou une ex\u00e9cution de code \u00e0 distance (RCE) et obtenir les privil\u00e8ges root sur l&#8217;appareil&#8221;, la soci\u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US\" target=\"_blank\">dit<\/a> dans un avis.<\/p>\n<p>La major des \u00e9quipements r\u00e9seaux, qui devrait \u00eatre <a rel=\"nofollow noopener\" href=\"https:\/\/www.hpe.com\/us\/en\/newsroom\/press-release\/2024\/01\/hpe-to-acquire-juniper-networks-to-accelerate-ai-driven-innovation.html\" target=\"_blank\">acquis par Hewlett Packard Enterprise (HPE)<\/a> pour 14 milliards de dollars, a d\u00e9clar\u00e9 que le probl\u00e8me \u00e9tait d\u00fb \u00e0 l&#8217;utilisation d&#8217;une fonction non s\u00e9curis\u00e9e permettant \u00e0 un acteur malveillant d&#8217;\u00e9craser une m\u00e9moire arbitraire.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/BHcgTukm\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1704092918_732_Nouveau-JinxLoader-ciblant-les-utilisateurs-avec-les-logiciels-malveillants-Formbook.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>La faille affecte les versions suivantes et a \u00e9t\u00e9 corrig\u00e9e dans les versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2. -S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1 et versions ult\u00e9rieures &#8211;<\/p>\n<ul>\n<li>Versions Junos OS ant\u00e9rieures \u00e0 20.4R3-S9<\/li>\n<li>Versions Junos OS 21.2 ant\u00e9rieures \u00e0 21.2R3-S7<\/li>\n<li>Versions Junos OS 21.3 ant\u00e9rieures \u00e0 21.3R3-S5<\/li>\n<li>Versions Junos OS 21.4 ant\u00e9rieures \u00e0 21.4R3-S5<\/li>\n<li>Versions Junos OS 22.1 ant\u00e9rieures \u00e0 22.1R3-S4<\/li>\n<li>Versions Junos OS 22.2 ant\u00e9rieures \u00e0 22.2R3-S3<\/li>\n<li>Junos OS 22.3 versions ant\u00e9rieures \u00e0 22.3R3-S2, et<\/li>\n<li>Versions Junos OS 22.4 ant\u00e9rieures \u00e0 22.4R2-S2, 22.4R3<\/li>\n<\/ul>\n<p>En guise de solutions temporaires jusqu&#8217;\u00e0 ce que les correctifs soient d\u00e9ploy\u00e9s, la soci\u00e9t\u00e9 recommande aux utilisateurs de d\u00e9sactiver J-Web ou de restreindre l&#8217;acc\u00e8s aux seuls h\u00f4tes de confiance.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/3UvK59NV\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Nouveau-JinxLoader-ciblant-les-utilisateurs-avec-les-logiciels-malveillants-Formbook.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Juniper Networks a \u00e9galement r\u00e9solu un bogue de haute gravit\u00e9 dans Junos OS et Junos OS Evolved (<a rel=\"nofollow noopener\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611?language=en_US\" target=\"_blank\">CVE-2024-21611<\/a>score CVSS : 7,5) qui pourrait \u00eatre utilis\u00e9e par un attaquant r\u00e9seau non authentifi\u00e9 pour provoquer une condition DoS.<\/p>\n<p>Bien qu&#8217;il existe des preuves que les vuln\u00e9rabilit\u00e9s sont exploit\u00e9es \u00e0 grande \u00e9chelle, de multiples failles de s\u00e9curit\u00e9 affectant les pare-feu SRX et les commutateurs EX de l&#8217;entreprise ont \u00e9t\u00e9 exploit\u00e9es par des acteurs malveillants l&#8217;ann\u00e9e derni\u00e8re.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/01\/critical-rce-vulnerability-uncovered-in.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80213 janvier 2024\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 du r\u00e9seau Juniper Networks a publi\u00e9 des mises \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 critique d&#8217;ex\u00e9cution de code \u00e0 distance (RCE) dans ses pare-feu SRX Series et ses commutateurs EX Series. Le probl\u00e8me, suivi comme CVE-2024-21591est not\u00e9 9,8 sur le syst\u00e8me de notation CVSS. &#8220;Une vuln\u00e9rabilit\u00e9 d&#8217;\u00e9criture hors limites dans [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1099483,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4168,5860,22,4165,4161,200267,429,8816,90722,4159,4171,65,200271,200268,200269,200270,5467,22778,128318,4172,4169,224281,4166,3667,4164],"class_list":["post-1099482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-comment-pirater","tag-commutateurs","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-dans","tag-decouverte","tag-juniper","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-parefeu","tag-rce","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-srx","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1099482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1099482"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1099482\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1099483"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1099482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1099482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1099482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}