{"id":296667,"date":"2022-08-05T04:24:22","date_gmt":"2022-08-05T06:24:22","guid":{"rendered":"https:\/\/teknomers.com\/fr\/cisa-ajoute-la-vulnerabilite-de-messagerie-zimbra-a-son-catalogue-de-vulnerabilites-exploitees\/"},"modified":"2022-08-05T04:24:23","modified_gmt":"2022-08-05T06:24:23","slug":"cisa-ajoute-la-vulnerabilite-de-messagerie-zimbra-a-son-catalogue-de-vulnerabilites-exploitees","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/cisa-ajoute-la-vulnerabilite-de-messagerie-zimbra-a-son-catalogue-de-vulnerabilites-exploitees\/","title":{"rendered":"CISA ajoute la vuln\u00e9rabilit\u00e9 de messagerie Zimbra \u00e0 son catalogue de vuln\u00e9rabilit\u00e9s exploit\u00e9es"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>L&#8217;agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a ajout\u00e9 jeudi une vuln\u00e9rabilit\u00e9 de haute gravit\u00e9 r\u00e9cemment r\u00e9v\u00e9l\u00e9e dans la suite de messagerie Zimbra \u00e0 son <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">Catalogue des vuln\u00e9rabilit\u00e9s exploit\u00e9es connues<\/a>en citant <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/08\/04\/cisa-adds-one-known-exploited-vulnerability-catalog\" target=\"_blank\">preuve d&#8217;exploitation active<\/a>.<\/p>\n<p>Le probl\u00e8me en question est CVE-2022-27924 (score CVSS : 7,5), une faille d&#8217;injection de commandes dans la plateforme qui pourrait conduire \u00e0 l&#8217;ex\u00e9cution de commandes Memcached arbitraires et au vol d&#8217;informations sensibles.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/07\/Une-nouvelle-etude-revele-que-la-plupart-des-fournisseurs-dentreprise.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>&#8220;Zimbra Collaboration (ZCS) permet \u00e0 un attaquant d&#8217;injecter des commandes memcached dans une instance cibl\u00e9e, ce qui provoque un \u00e9crasement d&#8217;entr\u00e9es arbitraires en cache&#8221;, a d\u00e9clar\u00e9 CISA.<\/p>\n<p>Plus pr\u00e9cis\u00e9ment, le bogue concerne un cas de validation insuffisante de l&#8217;entr\u00e9e utilisateur qui, si elle est exploit\u00e9e avec succ\u00e8s, pourrait permettre aux attaquants de voler les informations d&#8217;identification en clair des utilisateurs des instances Zimbra cibl\u00e9es.<\/p>\n<p><a href=\"https:\/\/www.youtube.com\/watch?v=GIgHZrPrGug\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/www.youtube.com\/watch?v=GIgHZrPrGug<\/a><\/p>\n<p>Le probl\u00e8me a \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9 par SonarSource en juin, avec <a rel=\"nofollow noopener\" href=\"https:\/\/blog.zimbra.com\/2022\/05\/new-zimbra-security-patches-9-0-0-patch-24-1-and-8-8-15-patch-31-1\/\" target=\"_blank\">correctifs<\/a> publi\u00e9 par Zimbra le 10 mai 2022, dans les versions 8.8.15 P31.1 et 9.0.0 P24.1.<\/p>\n<p>La CISA n&#8217;a pas partag\u00e9 les d\u00e9tails techniques des attaques qui exploitent la vuln\u00e9rabilit\u00e9 dans la nature et ne l&#8217;a pas encore attribu\u00e9e \u00e0 un certain acteur mena\u00e7ant.<\/p>\n<p>Compte tenu de l&#8217;exploitation active de la faille, il est recommand\u00e9 aux utilisateurs d&#8217;appliquer les mises \u00e0 jour du logiciel pour r\u00e9duire leur exposition \u00e0 d&#8217;\u00e9ventuelles cyberattaques.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/08\/cisa-adds-zimbra-email-vulnerability-to.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>L&#8217;agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a ajout\u00e9 jeudi une vuln\u00e9rabilit\u00e9 de haute gravit\u00e9 r\u00e9cemment r\u00e9v\u00e9l\u00e9e dans la suite de messagerie Zimbra \u00e0 son Catalogue des vuln\u00e9rabilit\u00e9s exploit\u00e9es connuesen citant preuve d&#8217;exploitation active. Le probl\u00e8me en question est CVE-2022-27924 (score CVSS : 7,5), une faille d&#8217;injection de commandes dans la plateforme [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":296668,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[12361,12364,4805,4168,4158,4165,4161,4808,4157,4159,4171,4170,4167,6817,4160,4163,4162,4172,4169,167,4166,3667,4164,12365,12362],"class_list":["post-296667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-ajoute","tag-catalogue","tag-cisa","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-exploitees","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-messagerie","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-securite-informatique","tag-securite-internet","tag-son","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle","tag-vulnerabilites","tag-zimbra"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/296667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=296667"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/296667\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/296668"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=296667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=296667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=296667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}