{"id":1119438,"date":"2024-01-26T14:48:29","date_gmt":"2024-01-26T16:48:29","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-faille-critique-de-cisco-permet-aux-pirates-de-prendre-le-controle-a-distance-des-systemes-de-communications-unifiees\/"},"modified":"2024-01-26T14:48:33","modified_gmt":"2024-01-26T16:48:33","slug":"une-faille-critique-de-cisco-permet-aux-pirates-de-prendre-le-controle-a-distance-des-systemes-de-communications-unifiees","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-faille-critique-de-cisco-permet-aux-pirates-de-prendre-le-controle-a-distance-des-systemes-de-communications-unifiees\/","title":{"rendered":"Critical Cisco flaw lets hackers remotely take over unified communications systems"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">January 26, 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">Network Security \/ Vulnerability<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Une-faille-critique-de-Cisco-permet-aux-pirates-de-prendre.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Cisco has released patches to address a critical security flaw affecting Unified Communications and Contact Center Solutions products that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.<\/p>\n<p>Tracked as <strong>CVE-2024-20253<\/strong> (CVSS score: 9.9), the issue stems from improper processing of user-provided data 
that a threat actor could abuse to send a specially crafted message to a listening port of a susceptible appliance.<\/p>\n<p>&#8220;A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user,&#8221; Cisco <a rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cucm-rce-bWNzQcUm\" target=\"_blank\">said<\/a> in an advisory. &#8220;With access to the underlying operating system, the attacker could also establish root access on the affected device.&#8221;<\/p>\n<p>Julien Egloff, a security researcher at Synacktiv, has been credited with discovering and reporting CVE-2024-20253.  
The following products are impacted by the flaw &#8211;<\/p>\n<ul>\n<li>Unified Communications Manager (versions 11.5, 12.5(1), and 14)<\/li>\n<li>Unified Communications Manager IM &amp; Presence Service (versions 11.5(1), 12.5(1), and 14)<\/li>\n<li>Unified Communications Manager Session Management Edition (versions 11.5, 12.5(1), and 14)<\/li>\n<li>Unified Contact Center Express (versions 12.0 and earlier and 12.5(1))<\/li>\n<li>Unity Connection (versions 11.5(1), 12.5(1), and 14), and<\/li>\n<li>Virtualized Voice Browser (versions 12.0 and earlier, 12.5(1), and 12.5(2))<\/li>\n<\/ul>\n<p>While there are no workarounds that address the shortcoming, the networking equipment maker is urging users to set up access control lists to limit access where applying the updates is not immediately possible.<\/p>\n<p>&#8220;Establish access control lists (ACLs) on intermediary devices that separate the Cisco Unified Communications or Cisco Contact Center Solutions cluster from users and the rest of the network to allow access only to the ports of deployed services,&#8221; the company said.<\/p>\n<p>The disclosure arrives a few weeks after Cisco 
shipped fixes for a critical security flaw impacting Unity Connection (CVE-2024-20272, CVSS score: 7.3) that could permit an adversary to execute arbitrary commands on the underlying system.<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/01\/critical-cisco-flaw-lets-hackers.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>January 26, 2024 Newsroom Network Security \/ Vulnerability Cisco has released patches to address a critical security flaw affecting Unified Communications and Contact Center Solutions products that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. 
Tracked as CVE-2024-20253 (CVSS score: 9.9), the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1119439,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,507,5859,4168,2462,3976,22,4165,4161,200267,133,2526,9048,4159,4171,200271,200268,200269,200270,9701,4394,3086,128318,4172,4169,5046,196,141658,4166,4164],"class_list":["post-1119438","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-aux","tag-cisco","tag-comment-pirater","tag-communications","tag-controle","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-des","tag-distance","tag-faille","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-permet","tag-pirates","tag-prendre","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-systemes","tag-une","tag-unifiees","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1119438","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1119438"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1119438\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1119439"}],"wp:attachment":[{"href":"https:\/\/teknomers
.com\/fr\/wp-json\/wp\/v2\/media?parent=1119438"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1119438"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1119438"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}