{"id":115529,"date":"2022-04-28T09:53:33","date_gmt":"2022-04-28T11:53:33","guid":{"rendered":"https:\/\/teknomers.com\/fr\/qnap-conseille-dattenuer-les-failles-de-piratage-a-distance-jusqua-ce-que-des-correctifs-soient-disponibles\/"},"modified":"2022-04-28T09:53:39","modified_gmt":"2022-04-28T11:53:39","slug":"qnap-conseille-dattenuer-les-failles-de-piratage-a-distance-jusqua-ce-que-des-correctifs-soient-disponibles","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/qnap-conseille-dattenuer-les-failles-de-piratage-a-distance-jusqua-ce-que-des-correctifs-soient-disponibles\/","title":{"rendered":"QNAP advises mitigating remote hacking flaws until patches are available"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Network-attached storage (NAS) appliance maker QNAP on Wednesday <a rel=\"nofollow noopener\" href=\"https:\/\/www.qnap.com\/en\/security-advisory\/qsa-22-12\" target=\"_blank\">said<\/a> it is working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software.<\/p>\n<p><a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Netatalk\" target=\"_blank\">Netatalk<\/a> is an open-source implementation of the Apple Filing Protocol (<a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Apple_Filing_Protocol\" target=\"_blank\">AFP<\/a>), allowing Unix-like operating systems to serve as file servers for Apple macOS computers.<\/p>\n<p>On March 22, 2022, its maintainers released <a rel=\"nofollow noopener\" href=\"https:\/\/netatalk.sourceforge.io\/3.1\/ReleaseNotes3.1.13.html\" target=\"_blank\">version 3.1.13<\/a> of the software to resolve major security issues (<a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-31439\" target=\"_blank\">CVE-2021-31439<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23121\" target=\"_blank\">CVE-2022-23121<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23122\" target=\"_blank\">CVE-2022-23122<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23123\" target=\"_blank\">CVE-2022-23123<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23124\" target=\"_blank\">CVE-2022-23124<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23125\" target=\"_blank\">CVE-2022-23125<\/a>, and <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-0194\" target=\"_blank\">CVE-2022-0194<\/a>) that could be exploited to achieve arbitrary code execution.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"Network-attached storage\" border=\"0\" data-original-height=\"400\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/04\/QNAP-conseille-dattenuer-les-failles-de-piratage-a-distance-jusqua.gif\" title=\"Network-attached storage\" \/><\/div>\n<p>&#8220;This vulnerability [CVE-2022-23121] can be exploited remotely and does not require 
authentication,&#8221; NCC Group researchers <a rel=\"nofollow noopener\" href=\"https:\/\/research.nccgroup.com\/2022\/03\/24\/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121\/\" target=\"_blank\">noted<\/a> last month.  &#8220;It allows an attacker to obtain remote code execution as the &#8216;nobody&#8217; user on the NAS. This user can access private shares that would normally require authentication.&#8221;<\/p>\n<p>QNAP noted that the Netatalk vulnerabilities affect the following operating system versions:<\/p>\n<ul>\n<li>QTS 5.0.x and later<\/li>\n<li>QTS 4.5.4 and later<\/li>\n<li>QTS 4.3.6 and later<\/li>\n<li>QTS 4.3.4 and later<\/li>\n<li>QTS 4.3.3 and later<\/li>\n<li>QTS 4.2.6 and later<\/li>\n<li>QuTS hero h5.0.x and later<\/li>\n<li>QuTS hero h4.5.4 and later, and<\/li>\n<li>QuTScloud c5.0.x<\/li>\n<\/ul>\n<p>Until the updates are available, the Taiwanese company recommends that users disable AFP.  
The flaws have so far been fixed in QTS 4.5.4.2012 build 20220419 and later.<\/p>\n<p>The disclosure comes less than a week after QNAP said it was investigating its product line for potential impact from two security vulnerabilities that were fixed in the Apache HTTP Server last month.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/04\/qnap-advises-to-mitigate-remote-hacking.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Network-attached storage (NAS) appliance maker QNAP on Wednesday said it is working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software. 
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), allowing [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":115530,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4168,4482,15954,4158,4165,4161,57207,133,14882,2526,4806,828,4157,4159,4171,4170,65,4167,4160,4163,4162,5666,27510,4172,4169,5118,4166,4164],"class_list":["post-115529","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-comment-pirater","tag-conseille","tag-correctifs","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dattenuer","tag-des","tag-disponibles","tag-distance","tag-failles","tag-jusqua","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-piratage","tag-qnap","tag-securite-informatique","tag-securite-internet","tag-soient","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/115529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=115529"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/115529\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/115530"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/
wp-json\/wp\/v2\/media?parent=115529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=115529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=115529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}