{"id":1158732,"date":"2024-02-21T02:57:38","date_gmt":"2024-02-21T04:57:38","guid":{"rendered":"https:\/\/teknomers.com\/fr\/failles-critiques-detectees-dans-le-logiciel-connectwise-screenconnect-corrigez-maintenant\/"},"modified":"2024-02-21T02:57:42","modified_gmt":"2024-02-21T04:57:42","slug":"failles-critiques-detectees-dans-le-logiciel-connectwise-screenconnect-corrigez-maintenant","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/failles-critiques-detectees-dans-le-logiciel-connectwise-screenconnect-corrigez-maintenant\/","title":{"rendered":"Critical Flaws Found in ConnectWise ScreenConnect Software &#8211; Patch Now"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">February 20, 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">Vulnerability\/Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/Failles-critiques-detectees-dans-le-logiciel-ConnectWise-ScreenConnect-Corrigez.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>ConnectWise has released software updates to fix two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could allow remote code execution on affected systems.<\/p>\n<p>The <a rel=\"nofollow noopener\" href=\"https:\/\/www.connectwise.com\/company\/trust\/security-bulletins\/connectwise-screenconnect-23.9.8\" target=\"_blank\">vulnerabilities<\/a>, which currently lack CVE identifiers, are listed below &#8211;<\/p>\n<ul>\n<li>Authentication bypass using an alternate path or channel (CVSS score: 10.0)<\/li>\n<li>Improper limitation of a pathname to a restricted directory, also known as &#8220;path traversal&#8221; (CVSS score: 8.4)<\/li>\n<\/ul>\n<p>The company rated the severity of the issues as critical, stating that they &#8220;could allow remote code execution or directly impact confidential data or critical systems.&#8221;<\/p>\n<p>Both vulnerabilities affect ScreenConnect versions 23.9.7 and earlier, with fixes available in version 23.9.8.
The flaws were reported to the company on February 13, 2024.<\/p>\n<p>While there is no evidence that the flaws have been exploited in the wild, users running self-hosted or on-premises versions are advised to update to the latest version as soon as possible.<\/p>\n<p>&#8220;ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommends that partners update to ScreenConnect version 23.9.8,&#8221; the IT management software company said.<\/p>\n<p>Cybersecurity firm Huntress said it found more than 8,800 servers running a vulnerable version of ScreenConnect. It has also <a rel=\"nofollow noopener\" href=\"https:\/\/www.huntress.com\/blog\/detection-guidance-for-connectwise-cwe-288-2\" target=\"_blank\">demonstrated<\/a> a proof-of-concept (PoC) exploit that it said can be &#8220;recreated easily and requires minimal technical knowledge&#8221; and used to bypass authentication on unpatched ScreenConnect servers.<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/02\/critical-flaws-found-in-connectwise.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>February 20, 2024 | Newsroom | Vulnerability\/Network Security | ConnectWise has released software updates to fix two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could allow remote code execution on affected systems. 
The vulnerabilities, which currently lack CVE identifiers, are listed below [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1158733,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4168,121277,19981,5729,4165,4161,200267,429,73348,4806,4159,4171,6816,200271,617,200268,200269,200270,230995,128318,4172,4169,4166,4164],"class_list":["post-1158732","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-comment-pirater","tag-connectwise","tag-corrigez","tag-critiques","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-dans","tag-detectees","tag-failles","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel","tag-logiciel-malveillant-rancongiciel","tag-maintenant","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-screenconnect","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1158732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1158732"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1158732\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1158733"}],"wp:attachment":[{"href":"https:\/\/teknomers.
com\/fr\/wp-json\/wp\/v2\/media?parent=1158732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1158732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1158732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}