{"id":1596059,"date":"2025-03-26T05:45:02","date_gmt":"2025-03-26T07:45:02","guid":{"rendered":"https:\/\/teknomers.com\/fr\/nouveaux-defauts-de-securite-trouves-dans-vmware-tools-et-crushftp-risque-eleve-pas-de-solution-de-contournement\/"},"modified":"2025-03-26T05:45:07","modified_gmt":"2025-03-26T07:45:07","slug":"nouveaux-defauts-de-securite-trouves-dans-vmware-tools-et-crushftp-risque-eleve-pas-de-solution-de-contournement","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/nouveaux-defauts-de-securite-trouves-dans-vmware-tools-et-crushftp-risque-eleve-pas-de-solution-de-contournement\/","title":{"rendered":"New Security Flaws Found in VMware Tools and CrushFTP &#8211; High Risk, No Workaround"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">March 26, 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Data Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass.<\/p>\n<p>Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS).<\/p>\n<p>&#8220;VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control,&#8221; Broadcom <a rel=\"noopener nofollow\" href=\"https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/25518\" target=\"_blank\">said<\/a> in an alert issued Tuesday. &#8220;A malicious actor with non-administrative privileges on a Windows guest virtual machine may gain the ability to perform certain high-level operations within that virtual machine.&#8221;<\/p>\n<p>Sergey Bliznyuk, of a Russian cybersecurity company, is credited with reporting the flaw.<\/p>\n<p>CVE-2025-22230 affects VMware Tools for Windows versions 11.xx and 12.xx. It has been fixed in version 12.5.1. There is no workaround that resolves the issue.<\/p>\n<h3>CrushFTP Discloses a New Flaw<\/h3>\n<p>The development comes as CrushFTP warned customers of an &#8220;unauthenticated HTTP(S) port access&#8221; vulnerability affecting CrushFTP versions 10 and 11. 
It has not yet been assigned a CVE identifier.<\/p>\n<p>&#8220;This issue affects CrushFTP V10 \/ V11 but does not work if you have the DMZ function of CrushFTP in place,&#8221; the company <a rel=\"noopener nofollow\" href=\"https:\/\/www.crushftp.com\/crush11wiki\/Wiki.jsp?page=Update\" target=\"_blank\">said<\/a>. &#8220;The vulnerability was responsibly disclosed, it is not being used actively in the wild that we know of, no further details will be given at this time.&#8221;<\/p>\n<p>According to <a rel=\"noopener nofollow\" href=\"https:\/\/www.rapid7.com\/blog\/post\/2025\/03\/25\/etr-notable-vulnerabilities-in-next-js-cve-2025-29927\/\" target=\"_blank\">details<\/a> shared by cybersecurity company Rapid7, successful exploitation of the vulnerability could lead to unauthenticated access via an exposed HTTP(S) port.<\/p>\n<p>With security flaws in VMware and CrushFTP previously exploited by malicious actors, it is essential that users move quickly to apply the updates as soon as possible.<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2025\/03\/new-security-flaws-found-in-vmware.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>March 26, 2025, Ravie Lakshmanan. Vulnerability \/ Data Security. Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. 
Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the Common Vulnerability Scoring System [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1596060,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[274266,274265,4168,20618,289772,79002,274264,4161,274263,6124,429,37939,8268,274267,4160,4588,132,326,1835,238617,246491,4172,7189,79016,178800,22779,4166,34910,4164],"class_list":["post-1596059","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-comment-pirater","tag-contournement","tag-crushftp","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-dans","tag-defauts","tag-eleve","tag-malware-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouveaux","tag-pas","tag-risque","tag-securite","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-solution","tag-the-hacker-news","tag-tools","tag-trouves","tag-violation-de-donnees","tag-vmware","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1596059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1596059"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1596059\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1596060"}],"wp:a
ttachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1596059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1596059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1596059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}