{"id":380545,"date":"2022-09-24T08:06:38","date_gmt":"2022-09-24T10:06:38","guid":{"rendered":"https:\/\/teknomers.com\/fr\/les-pirates-exploitent-activement-la-nouvelle-vulnerabilite-rce-du-pare-feu-sophos\/"},"modified":"2022-09-24T08:06:39","modified_gmt":"2022-09-24T10:06:39","slug":"les-pirates-exploitent-activement-la-nouvelle-vulnerabilite-rce-du-pare-feu-sophos","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/les-pirates-exploitent-activement-la-nouvelle-vulnerabilite-rce-du-pare-feu-sophos\/","title":{"rendered":"Les pirates exploitent activement la nouvelle vuln\u00e9rabilit\u00e9 RCE du pare-feu Sophos"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>La soci\u00e9t\u00e9 de logiciels de s\u00e9curit\u00e9 Sophos a mis en garde contre les cyberattaques ciblant une vuln\u00e9rabilit\u00e9 critique r\u00e9cemment corrig\u00e9e dans son produit de pare-feu.<\/p>\n<p>Le probl\u00e8me, suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-3236\" target=\"_blank\">CVE-2022-3236<\/a> (score CVSS : 9,8), impacte Sophos Firewall v19.0 MR1 (19.0.1) et versions ant\u00e9rieures et concerne une vuln\u00e9rabilit\u00e9 d&#8217;injection de code dans les composants User Portal et Webadmin qui pourrait entra\u00eener l&#8217;ex\u00e9cution de code \u00e0 distance.<\/p>\n<p>L&#8217;entreprise <a rel=\"nofollow noopener\" href=\"https:\/\/www.sophos.com\/en-us\/security-advisories\/sophos-sa-20220923-sfos-rce\" target=\"_blank\">a dit<\/a> il &#8220;a observ\u00e9 que cette vuln\u00e9rabilit\u00e9 \u00e9tait utilis\u00e9e pour cibler un petit ensemble d&#8217;organisations sp\u00e9cifiques, principalement dans la r\u00e9gion de l&#8217;Asie du Sud&#8221;, ajoutant qu&#8217;il avait directement notifi\u00e9 ces entit\u00e9s.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>Comme solution de contournement, Sophos recommande aux utilisateurs de prendre des mesures pour s&#8217;assurer que le portail utilisateur et Webadmin ne sont pas expos\u00e9s au WAN.  Alternativement, les utilisateurs peuvent mettre \u00e0 jour vers la derni\u00e8re version prise en charge &#8211;<\/p>\n<ul>\n<li>v19.5\u00a0GA<\/li>\n<li>v19.0 MR2 (19.0.2)<\/li>\n<li>v19.0\u00a0GA, MR1 et MR1-1<\/li>\n<li>v18.5 MR5 (18.5.5)<\/li>\n<li>v18.5\u00a0GA, MR1, MR1-1, MR2, MR3 et MR4<\/li>\n<li>v18.0 MR3, MR4, MR5 et MR6<\/li>\n<li>v17.5 MR12, MR13, MR14, MR15, MR16 et MR17<\/li>\n<li>v17.0 MR10<\/li>\n<\/ul>\n<p>Les utilisateurs ex\u00e9cutant des versions plus anciennes de Sophos Firewall doivent effectuer une mise \u00e0 niveau pour recevoir les derni\u00e8res protections et les correctifs correspondants.<\/p>\n<p>Ce d\u00e9veloppement marque la deuxi\u00e8me fois qu&#8217;une vuln\u00e9rabilit\u00e9 de Sophos Firewall fait l&#8217;objet d&#8217;attaques actives en un an.  Plus t\u00f4t en mars, une autre faille (CVE-2022-1040) a \u00e9t\u00e9 utilis\u00e9e pour cibler des organisations de la r\u00e9gion de l&#8217;Asie du Sud.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Puis, en juin 2022, la soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9 Volexity a partag\u00e9 plus de d\u00e9tails sur la campagne d&#8217;attaque, \u00e9pinglant les intrusions sur une menace persistante avanc\u00e9e (APT) chinoise connue sous le nom de DriftingCloud.<\/p>\n<p>Les appliances de pare-feu Sophos ont \u00e9galement d\u00e9j\u00e0 \u00e9t\u00e9 attaqu\u00e9es pour d\u00e9ployer ce qu&#8217;on appelle le <a rel=\"nofollow noopener\" href=\"https:\/\/news.sophos.com\/en-us\/2020\/04\/26\/asnarok\/\" target=\"_blank\">Cheval de Troie Asnar\u00f6k<\/a> dans le but de siphonner des informations sensibles.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/09\/hackers-actively-exploiting-new-sophos.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>La soci\u00e9t\u00e9 de logiciels de s\u00e9curit\u00e9 Sophos a mis en garde contre les cyberattaques ciblant une vuln\u00e9rabilit\u00e9 critique r\u00e9cemment corrig\u00e9e dans son produit de pare-feu. Le probl\u00e8me, suivi comme CVE-2022-3236 (score CVSS : 9,8), impacte Sophos Firewall v19.0 MR1 (19.0.1) et versions ant\u00e9rieures et concerne une vuln\u00e9rabilit\u00e9 d&#8217;injection de code dans les composants User Portal [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":380546,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4807,4168,4158,4165,4161,8736,4157,4159,4171,4170,65,4167,4160,197,4163,4162,5467,4394,22778,4172,4169,39086,4166,3667,4164],"class_list":["post-380545","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-activement","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-exploitent","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelle","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-parefeu","tag-pirates","tag-rce","tag-securite-informatique","tag-securite-internet","tag-sophos","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/380545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=380545"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/380545\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/380546"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=380545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=380545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=380545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}