{"id":204716,"date":"2022-06-16T04:40:04","date_gmt":"2022-06-16T06:40:04","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-faille-critique-dans-cisco-secure-email-and-web-manager-permet-aux-attaquants-de-contourner-lauthentification\/"},"modified":"2022-06-16T04:40:05","modified_gmt":"2022-06-16T06:40:05","slug":"une-faille-critique-dans-cisco-secure-email-and-web-manager-permet-aux-attaquants-de-contourner-lauthentification","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-faille-critique-dans-cisco-secure-email-and-web-manager-permet-aux-attaquants-de-contourner-lauthentification\/","title":{"rendered":"Critical flaw in Cisco Secure Email and Web Manager lets attackers bypass authentication"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to bypass authentication.<\/p>\n<p>Assigned the CVE identifier <a rel=\"nofollow noopener\" href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sma-esa-auth-bypass-66kEcxQD\" target=\"_blank\">CVE-2022-20798<\/a>, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper authentication checks when an affected device uses Lightweight Directory Access Protocol (<a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Lightweight_Directory_Access_Protocol\" target=\"_blank\">LDAP<\/a>) for external authentication.<\/p>\n<p>&#8220;An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device,&#8221; Cisco noted in an advisory. 
&#8220;A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.&#8221;<\/p>\n<p>The flaw, which the company said was identified during the resolution of a Technical Assistance Center (TAC) case, affects ESA and Secure Email and Web Manager running vulnerable AsyncOS software versions 11 and earlier, 12, 12.x, 13, 13.x, 14, and 14.x, and when both of the following conditions are met &#8211;<\/p>\n<ul>\n<li>The devices are configured to use external authentication, and<\/li>\n<li>The devices use LDAP as the authentication protocol<\/li>\n<\/ul>\n<p>Separately, Cisco also notified customers of another critical flaw affecting its Small Business RV110W, RV130, RV130W, and RV215W routers that 
could allow an unauthenticated, remote adversary to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS).<\/p>\n<p>The bug, tracked as <a rel=\"nofollow noopener\" href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sb-rv-overflow-s2r82P9v\" target=\"_blank\">CVE-2022-20825<\/a> (CVSS score: 9.8), relates to a case of insufficient user input validation of incoming HTTP packets. However, Cisco said it does not plan to release software updates or workarounds to resolve the flaw, because the products have reached end of life.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/06\/critical-flaw-in-cisco-secure-email-and.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to bypass authentication. 
Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":204717,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[11865,507,5859,4168,11696,22,4158,4165,4161,429,38079,9048,4157,4159,4171,4170,54519,4167,7842,4160,4163,4162,9701,78891,4172,4169,196,4166,4164,2784],"class_list":["post-204716","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-attaquants","tag-aux","tag-cisco","tag-comment-pirater","tag-contourner","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-email","tag-faille","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-lauthentification","tag-logiciel-malveillant-de-ransomware","tag-manager","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-permet","tag-secure","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-web"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/204716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=204716"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/204716\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.co
m\/fr\/wp-json\/wp\/v2\/media\/204717"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=204716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=204716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=204716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}