{"id":378935,"date":"2022-09-23T09:03:38","date_gmt":"2022-09-23T11:03:38","guid":{"rendered":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-les-pirates-exploitant-la-vulnerabilite-recente-de-zoho-manageengine\/"},"modified":"2022-09-23T09:03:39","modified_gmt":"2022-09-23T11:03:39","slug":"la-cisa-met-en-garde-contre-les-pirates-exploitant-la-vulnerabilite-recente-de-zoho-manageengine","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-les-pirates-exploitant-la-vulnerabilite-recente-de-zoho-manageengine\/","title":{"rendered":"La CISA met en garde contre les pirates exploitant la vuln\u00e9rabilit\u00e9 r\u00e9cente de Zoho ManageEngine"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Jeudi, l&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/09\/22\/cisa-has-added-one-known-exploited-vulnerability-catalog\" target=\"_blank\">ajout\u00e9e<\/a> une faille de s\u00e9curit\u00e9 r\u00e9cemment r\u00e9v\u00e9l\u00e9e dans Zoho ManageEngine \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>) Catalogue, citant des preuves d&#8217;exploitation active.<\/p>\n<p>&#8220;Zoho ManageEngine PAM360, Password Manager Pro et Access Manager Plus contiennent une vuln\u00e9rabilit\u00e9 non sp\u00e9cifi\u00e9e qui permet l&#8217;ex\u00e9cution de code \u00e0 distance&#8221;, a d\u00e9clar\u00e9 l&#8217;agence dans un avis.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>La <a rel=\"nofollow noopener\" href=\"https:\/\/www.manageengine.com\/products\/passwordmanagerpro\/advisory\/rce.html\" target=\"_blank\">vuln\u00e9rabilit\u00e9 critique<\/a>suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-35405\" target=\"_blank\">CVE-2022-35405<\/a>est not\u00e9 9,8 sur 10 pour la gravit\u00e9 sur le syst\u00e8me de notation CVSS et a \u00e9t\u00e9 corrig\u00e9 par Zoho dans le cadre des mises \u00e0 jour publi\u00e9es le 24 juin 2022.<\/p>\n<p>Bien que la nature exacte de la faille reste inconnue, la soci\u00e9t\u00e9 de solutions d&#8217;entreprise bas\u00e9e en Inde <a rel=\"nofollow noopener\" href=\"https:\/\/www.manageengine.com\/products\/passwordmanagerpro\/advisory\/cve-2022-35405.html\" target=\"_blank\">a dit<\/a> il a r\u00e9solu le probl\u00e8me en supprimant les composants vuln\u00e9rables qui pourraient conduire \u00e0 l&#8217;ex\u00e9cution \u00e0 distance de code arbitraire.<\/p>\n<p>Zoho a \u00e9galement mis en garde contre la disponibilit\u00e9 publique d&#8217;un exploit de preuve de concept (PoC) pour la vuln\u00e9rabilit\u00e9, ce qui rend imp\u00e9ratif que les clients agissent rapidement pour mettre \u00e0 niveau les instances de Password Manager Pro, PAM360 et Access Manager Plus d\u00e8s que possible.<\/p>\n<p>\u00c0 la lumi\u00e8re de l&#8217;exploitation active dans la nature, les agences du Federal Civilian Executive Branch (FCEB) sont tenues d&#8217;appliquer les correctifs fournis par le fournisseur d&#8217;ici le 13 octobre 2022.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/09\/cisa-warns-of-hackers-exploiting-recent.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Jeudi, l&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) ajout\u00e9e une faille de s\u00e9curit\u00e9 r\u00e9cemment r\u00e9v\u00e9l\u00e9e dans Zoho ManageEngine \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (KEV) Catalogue, citant des preuves d&#8217;exploitation active. &#8220;Zoho ManageEngine PAM360, Password Manager Pro et Access Manager Plus contiennent une vuln\u00e9rabilit\u00e9 non sp\u00e9cifi\u00e9e qui permet l&#8217;ex\u00e9cution de code \u00e0 distance&#8221;, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":378936,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4805,4168,841,4158,4165,4161,29063,525,4157,4159,4171,4170,65,4167,111135,4955,4160,4163,4162,4394,27730,4172,4169,4166,3667,4164,111134],"class_list":["post-378935","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-cisa","tag-comment-pirater","tag-contre","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-exploitant","tag-garde","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-manageengine","tag-met","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pirates","tag-recente","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle","tag-zoho"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/378935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=378935"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/378935\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/378936"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=378935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=378935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=378935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}