{"id":145079,"date":"2022-05-14T05:25:39","date_gmt":"2022-05-14T07:25:39","guid":{"rendered":"https:\/\/teknomers.com\/fr\/sonicwall-publie-des-correctifs-pour-les-nouvelles-failles-affectant-les-appareils-sslvpn-sma1000\/"},"modified":"2022-05-14T05:25:44","modified_gmt":"2022-05-14T07:25:44","slug":"sonicwall-publie-des-correctifs-pour-les-nouvelles-failles-affectant-les-appareils-sslvpn-sma1000","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/sonicwall-publie-des-correctifs-pour-les-nouvelles-failles-affectant-les-appareils-sslvpn-sma1000\/","title":{"rendered":"SonicWall publie des correctifs pour les nouvelles failles affectant les appareils SSLVPN SMA1000"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>SonicWall a publi\u00e9 un <a rel=\"nofollow noopener\" href=\"https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2022-0009\" target=\"_blank\">consultatif<\/a> avertissement d&#8217;un trio de failles de s\u00e9curit\u00e9 dans ses appliances Secure Mobile Access (SMA) 1000, y compris une vuln\u00e9rabilit\u00e9 de contournement d&#8217;authentification de haute gravit\u00e9.<\/p>\n<p>Les faiblesses en question impactent les SMA 6200, 6210, 7200, 7210, 8000v ex\u00e9cutant les versions de firmware 12.4.0 et 12.4.1.  La liste des vuln\u00e9rabilit\u00e9s est ci-dessous &#8211;<\/p>\n<ul>\n<li><b>CVE-2022-22282<\/b> (Score CVSS : 8,2) &#8211; Contournement du contr\u00f4le d&#8217;acc\u00e8s non authentifi\u00e9<\/li>\n<li><b>CVE-2022-1702<\/b> (Score CVSS\u00a0: 6,1) &#8211; Redirection d&#8217;URL vers un site non approuv\u00e9 (redirection ouverte)<\/li>\n<li><b>CVE-2022-1701<\/b> (Score CVSS : 5,7) &#8211; Utilisation d&#8217;une cl\u00e9 cryptographique partag\u00e9e et cod\u00e9e en dur<\/li>\n<\/ul>\n<p>L&#8217;exploitation r\u00e9ussie des bogues susmentionn\u00e9s pourrait permettre \u00e0 un attaquant d&#8217;acc\u00e9der sans autorisation aux ressources internes et m\u00eame de rediriger les victimes potentielles vers des sites Web malveillants.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowdsec-tour-d\" target=\"_blank\" title=\"CyberSecurity\"><img loading=\"lazy\" decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEj6zHdXd3qpCksF0nkMkrjsOzaw-cxZGPHWoTEp9y7VPIeyPBFGsmIyIX8NTkqI1IDqnIXYnsZuIh4rc9f8TNUn7ndAZqtXc-t58X2oueTaL4Ijb4hgH-b183QvQ0ienXIipuOsqeLP5b8I2prKmp0RWvdZQgnKehVRKbqRQpin1JgfwlZeE_IB4EmesQ\/s1600\/crowdsec-728.jpg\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Tom Wyatt de l&#8217;\u00e9quipe de s\u00e9curit\u00e9 offensive de Mimecast a \u00e9t\u00e9 cr\u00e9dit\u00e9 d&#8217;avoir d\u00e9couvert et signal\u00e9 les vuln\u00e9rabilit\u00e9s.<\/p>\n<p>SonicWall a not\u00e9 que les failles n&#8217;affectent pas les versions ex\u00e9cutant la s\u00e9rie SMA 1000 ant\u00e9rieures \u00e0 12.4.0, la s\u00e9rie SMA 100, les serveurs de gestion centrale (CMS) et les clients d&#8217;acc\u00e8s \u00e0 distance.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"Sonic Wall\" border=\"0\" data-original-height=\"541\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/05\/1652513139_710_SonicWall-publie-des-correctifs-pour-les-nouvelles-failles-affectant-les.jpg\" title=\"Sonic Wall\" \/><\/div>\n<p>Bien qu&#8217;il n&#8217;y ait aucune preuve que ces vuln\u00e9rabilit\u00e9s soient exploit\u00e9es dans la nature, il est recommand\u00e9 aux utilisateurs d&#8217;appliquer les correctifs \u00e0 la lumi\u00e8re du fait que les appliances SonicWall ont pr\u00e9sent\u00e9 une cible attrayante dans le pass\u00e9 pour les attaques de ransomwares.<\/p>\n<p>&#8220;Il n&#8217;y a pas d&#8217;att\u00e9nuations temporaires&#8221;, la soci\u00e9t\u00e9 de s\u00e9curit\u00e9 r\u00e9seau <a rel=\"nofollow noopener\" href=\"https:\/\/www.sonicwall.com\/support\/knowledge-base\/security-notice-sma-1000-series-unauthenticated-access-control-bypass\/220510172939820\/\" target=\"_blank\">mentionn\u00e9<\/a>.  &#8220;SonicWall exhorte les clients concern\u00e9s \u00e0 mettre en \u0153uvre les correctifs applicables d\u00e8s que possible.&#8221;<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/05\/sonicwall-releases-patches-for-new.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SonicWall a publi\u00e9 un consultatif avertissement d&#8217;un trio de failles de s\u00e9curit\u00e9 dans ses appliances Secure Mobile Access (SMA) 1000, y compris une vuln\u00e9rabilit\u00e9 de contournement d&#8217;authentification de haute gravit\u00e9. Les faiblesses en question impactent les SMA 6200, 6210, 7200, 7210, 8000v ex\u00e9cutant les versions de firmware 12.4.0 et 12.4.1. La liste des vuln\u00e9rabilit\u00e9s est [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":145080,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[34911,8737,4168,15954,4158,4165,4161,133,4806,4157,4159,4171,4170,65,4167,4160,120,4163,4162,185,2212,4172,4169,64828,39225,64827,4166,4164],"class_list":["post-145079","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-affectant","tag-appareils","tag-comment-pirater","tag-correctifs","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-failles","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pour","tag-publie","tag-securite-informatique","tag-securite-internet","tag-sma1000","tag-sonicwall","tag-sslvpn","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/145079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=145079"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/145079\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/145080"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=145079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=145079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=145079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}