{"id":1545446,"date":"2025-02-18T22:10:34","date_gmt":"2025-02-19T00:10:34","guid":{"rendered":"https:\/\/teknomers.com\/fr\/session-des-juniper-la-vulnerabilite-des-routeurs-intelligents-pourrait-permettre-aux-attaquants-de-contourner-lauthentification\/"},"modified":"2025-02-18T22:10:40","modified_gmt":"2025-02-19T00:10:40","slug":"session-des-juniper-la-vulnerabilite-des-routeurs-intelligents-pourrait-permettre-aux-attaquants-de-contourner-lauthentification","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/session-des-juniper-la-vulnerabilite-des-routeurs-intelligents-pourrait-permettre-aux-attaquants-de-contourner-lauthentification\/","title":{"rendered":"Session des Juniper La vuln\u00e9rabilit\u00e9 des routeurs intelligents pourrait permettre aux attaquants de contourner l&#8217;authentification"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">18 f\u00e9vrier 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ s\u00e9curit\u00e9 du r\u00e9seau<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/Session-des-Juniper-La-vulnerabilite-des-routeurs-intelligents-pourrait-permettre.png\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Juniper Networks a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 pour aborder un routeur intelligent de la session de s\u00e9curit\u00e9 de s\u00e9curit\u00e9, un conducteur intelligent de session et des produits de routeur d&#8217;assurance WAN qui pourraient \u00eatre exploit\u00e9s pour contr\u00f4ler le contr\u00f4le des appareils sensibles.<\/p>\n<p>Suivi comme <strong>CVE-2025-21589<\/strong>la vuln\u00e9rabilit\u00e9 comporte un score CVSS V3.1 de 9,8 et un score CVS V4 de 9,3.<\/p>\n<p>&#8220;Un contournement d&#8217;authentification \u00e0 l&#8217;aide d&#8217;un autre chemin ou d&#8217;une vuln\u00e9rabilit\u00e9 de canal dans le routeur intelligent de la session Juniper Networks peut permettre \u00e0 un attaquant bas\u00e9 sur le r\u00e9seau de contourner l&#8217;authentification et de prendre le contr\u00f4le administratif de l&#8217;appareil&#8221;, la soci\u00e9t\u00e9 <a rel=\"noopener nofollow\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US\" target=\"_blank\">dit<\/a> dans un avis.<\/p>\n<p>La vuln\u00e9rabilit\u00e9 a un impact sur les produits et versions suivants &#8211;<\/p>\n<ul>\n<li>Session Smart Router: \u00e0 partir de 5.6.7 avant 5.6.17, \u00e0 partir de 6.0.8, \u00e0 partir de 6.1 avant 6.1.12-lts, \u00e0 partir de 6,2 avant 6.2.8-lts, et de 6.3 avant 6.3.3-R2<\/li>\n<li>Session Conducteur intelligent: \u00e0 partir de 5.6.7 avant 5.6.17, \u00e0 partir de 6.0.8, \u00e0 partir de 6.1 avant 6.1.12-lts, \u00e0 partir de 6,2 avant 6.2.8-lts, et de 6,3 avant 6.3.3-R2<\/li>\n<li>Routeurs g\u00e9r\u00e9s d&#8217;assurance WAN: \u00e0 partir de 5.6.7 avant 5,6.17, \u00e0 partir de 6,0,8, \u00e0 partir de 6,1 avant 6,1.12-lts, \u00e0 partir de 6,2 avant 6.2.8-lts, et de 6,3 avant 6.3.3-R2<\/li>\n<\/ul>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/saas-security-v2-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/1738603713_19_PYPI-introduit-le-statut-darchives-pour-alerter-les-utilisateurs-sur.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Juniper Networks a d\u00e9clar\u00e9 que la vuln\u00e9rabilit\u00e9 avait \u00e9t\u00e9 d\u00e9couverte lors des tests et des recherches de s\u00e9curit\u00e9 des produits internes, et qu&#8217;il n&#8217;est au courant d&#8217;aucune exploitation malveillante.<\/p>\n<p>Le d\u00e9faut a \u00e9t\u00e9 trait\u00e9 dans les versions de routeur intelligent de session SSR-5.6.17, SSR-6.1.12-LTS, SSR-6.2.8-LTS, SSR-6.3.3-R2, et plus tard.<\/p>\n<p>&#8220;Cette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e automatiquement sur les appareils qui fonctionnent avec WAN Assurance (o\u00f9 la configuration est \u00e9galement g\u00e9r\u00e9e) connect\u00e9e au cloud Mist&#8221;, a ajout\u00e9 la soci\u00e9t\u00e9. &#8220;Comme pratique, les routeurs devraient toujours \u00eatre mis \u00e0 niveau vers une version contenant le correctif.&#8221;<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant? Suivez-nous <a rel=\"noopener nofollow\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Gazouillement <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"noopener nofollow\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">Liendin<\/a> Pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/02\/juniper-session-smart-routers.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80218 f\u00e9vrier 2025\ue804Ravie LakshmananVuln\u00e9rabilit\u00e9 \/ s\u00e9curit\u00e9 du r\u00e9seau Juniper Networks a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 pour aborder un routeur intelligent de la session de s\u00e9curit\u00e9 de s\u00e9curit\u00e9, un conducteur intelligent de session et des produits de routeur d&#8217;assurance WAN qui pourraient \u00eatre exploit\u00e9s pour contr\u00f4ler le contr\u00f4le des appareils sensibles. Suivi comme [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1545447,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[274266,274265,11865,507,4168,11696,79002,274264,4161,274263,6124,133,15071,90722,54519,274267,4160,5848,2102,29603,238617,246491,4172,13902,79016,4166,3667,4164],"class_list":["post-1545446","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-attaquants","tag-aux","tag-comment-pirater","tag-contourner","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-des","tag-intelligents","tag-juniper","tag-lauthentification","tag-malware-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-permettre","tag-pourrait","tag-routeurs","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-session","tag-the-hacker-news","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1545446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1545446"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1545446\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1545447"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1545446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1545446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1545446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}