{"id":1124482,"date":"2024-01-30T05:54:24","date_gmt":"2024-01-30T07:54:24","guid":{"rendered":"https:\/\/teknomers.com\/fr\/juniper-networks-publie-des-mises-a-jour-urgentes-de-junos-os-pour-les-failles-de-haute-gravite\/"},"modified":"2024-01-30T05:54:28","modified_gmt":"2024-01-30T07:54:28","slug":"juniper-networks-publie-des-mises-a-jour-urgentes-de-junos-os-pour-les-failles-de-haute-gravite","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/juniper-networks-publie-des-mises-a-jour-urgentes-de-junos-os-pour-les-failles-de-haute-gravite\/","title":{"rendered":"Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws"},
"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">January 30, 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Juniper Networks has released out-of-band updates to <a rel=\"nofollow noopener\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US\" target=\"_blank\">address high-severity flaws<\/a> in the SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems.<\/p>\n<p>The vulnerabilities, tracked as <strong>CVE-2024-21619 and CVE-2024-21620<\/strong>, are rooted in the J-Web component and impact all versions of Junos OS. Two other flaws, CVE-2023-36846 and CVE-2023-36851, were <a rel=\"nofollow noopener\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US\" target=\"_blank\">previously disclosed<\/a> by the company in August 2023.<\/p>\n<ul>\n<li><strong>CVE-2024-21619<\/strong> (CVSS score: 5.3) &#8211; A missing authentication vulnerability that could lead to exposure of sensitive configuration information<\/li>\n<li><strong>CVE-2024-21620<\/strong> (CVSS score: 8.8) &#8211; A cross-site scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target&#8217;s permissions by means of a specially crafted request<\/li>\n<\/ul>\n<p>Cybersecurity firm watchTowr Labs has been <a rel=\"nofollow noopener\" href=\"https:\/\/labs.watchtowr.com\/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited\/\" target=\"_blank\">credited<\/a> with discovering and reporting the issues. The two vulnerabilities have been addressed in the following versions &#8211;<\/p>\n<ul>\n<li><strong>CVE-2024-21619<\/strong> &#8211; 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases<\/li>\n<li><strong>CVE-2024-21620<\/strong> &#8211; 20.4R3-S10, 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, and all subsequent releases<\/li>\n<\/ul>\n<p>As a temporary mitigation until the fixes are deployed, the company recommends that users disable J-Web or restrict access to trusted hosts only.<\/p>\n<p>It is worth noting that CVE-2023-36846 and CVE-2023-36851 were added to the Known Exploited Vulnerabilities (KEV) catalog in November 2023 by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), based on evidence of active exploitation.<\/p>\n<p>Earlier this month, Juniper Networks also shipped fixes to contain a critical vulnerability in the same products (CVE-2024-21591, CVSS score: 9.8) that could enable an attacker to cause a denial-of-service (DoS) or remote code execution and obtain root privileges on the devices.<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/01\/juniper-networks-releases-urgent-junos.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Juniper Networks has released out-of-band updates to address high-severity flaws in the SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":1124483,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4168,4165,4161,200267,133,4806,11128,11685,3995,90722,90723,4159,4171,65,200271,5115,200268,79746,200269,200270,185,2212,128318,4172,4169,27129,4166,4164],"class_list":["post-1124482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-des","tag-failles","tag-gravite","tag-haute","tag-jour","tag-juniper","tag-junos","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mises","tag-mises-a-jour-sur-la-cybersecurite","tag-networks","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-pour","tag-publie","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-urgentes","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1124482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1124482"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1124482\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1124483"}],"wp:attachment":[{"href"
:"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1124482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1124482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1124482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}