{"id":402717,"date":"2022-10-07T19:16:27","date_gmt":"2022-10-07T21:16:27","guid":{"rendered":"https:\/\/teknomers.com\/fr\/fortinet-met-en-garde-contre-une-nouvelle-faille-de-contournement-dauthentification-affectant-fortigate-et-fortiproxy\/"},"modified":"2022-10-07T19:16:28","modified_gmt":"2022-10-07T21:16:28","slug":"fortinet-met-en-garde-contre-une-nouvelle-faille-de-contournement-dauthentification-affectant-fortigate-et-fortiproxy","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/fortinet-met-en-garde-contre-une-nouvelle-faille-de-contournement-dauthentification-affectant-fortigate-et-fortiproxy\/","title":{"rendered":"Fortinet met en garde contre une nouvelle faille de contournement d&#8217;authentification affectant FortiGate et FortiProxy"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Fortinet a averti en priv\u00e9 ses clients d&#8217;une faille de s\u00e9curit\u00e9 affectant les pare-feu FortiGate et les proxys Web FortiProxy qui pourraient potentiellement permettre \u00e0 un attaquant d&#8217;effectuer des actions non autoris\u00e9es sur des appareils sensibles.<\/p>\n<p>Suivi comme <strong>CVE-2022-40684<\/strong>la faille de gravit\u00e9 \u00e9lev\u00e9e concerne un <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/Gi7w0rm\/status\/1578305143530848256\" target=\"_blank\">vuln\u00e9rabilit\u00e9 de contournement d&#8217;authentification<\/a> qui pourrait permettre \u00e0 un adversaire non authentifi\u00e9 d&#8217;effectuer des op\u00e9rations arbitraires sur l&#8217;interface d&#8217;administration.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>Le probl\u00e8me affecte les versions suivantes et a \u00e9t\u00e9 r\u00e9solu dans les versions FortiOS <a rel=\"nofollow noopener\" href=\"https:\/\/docs.fortinet.com\/document\/fortigate\/7.0.7\/fortios-release-notes\/289806\/resolved-issues\" target=\"_blank\">7.0.7<\/a> et <a rel=\"nofollow noopener\" href=\"https:\/\/docs.fortinet.com\/document\/fortigate\/7.2.2\/fortios-release-notes\/289806\/resolved-issues\" target=\"_blank\">7.2.2<\/a>et version FortiProxy <a rel=\"nofollow noopener\" href=\"https:\/\/docs.fortinet.com\/document\/fortiproxy\/7.0.7\/release-notes\/534553\/resolved-issues\" target=\"_blank\">7.0.7<\/a> sorti cette semaine &#8211;<\/p>\n<ul>\n<li>FortiOS &#8211; De 7.0.0 \u00e0 7.0.6 et de 7.2.0 \u00e0 7.2.1<\/li>\n<li>FortiProxy &#8211; De 7.0.0 \u00e0 7.0.6 et 7.2.0<\/li>\n<\/ul>\n<p>&#8220;En raison de la possibilit\u00e9 d&#8217;exploiter ce probl\u00e8me \u00e0 distance, Fortinet recommande fortement \u00e0 tous les clients disposant des versions vuln\u00e9rables d&#8217;effectuer une mise \u00e0 niveau imm\u00e9diate&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/Gi7w0rm\/status\/1578305143530848256\" target=\"_blank\">mis en garde<\/a> dans une alerte partag\u00e9e par un chercheur en s\u00e9curit\u00e9 nomm\u00e9 Gitworm sur Twitter.<\/p>\n<p>Lorsqu&#8217;il a \u00e9t\u00e9 contact\u00e9 pour un commentaire, Fortinet a accus\u00e9 r\u00e9ception de l&#8217;avis et a not\u00e9 qu&#8217;il retardait l&#8217;avis public jusqu&#8217;\u00e0 ce que ses clients aient appliqu\u00e9 les correctifs.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>&#8220;Une communication rapide et continue avec nos clients est un \u00e9l\u00e9ment cl\u00e9 de nos efforts pour prot\u00e9ger et s\u00e9curiser au mieux leur organisation&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9 dans un communiqu\u00e9 partag\u00e9 avec The Hacker News.  &#8220;Les communications avec les clients d\u00e9taillent souvent les conseils les plus r\u00e9cents et les prochaines \u00e9tapes recommand\u00e9es pour mieux prot\u00e9ger et s\u00e9curiser leur organisation.&#8221;<\/p>\n<p>&#8220;Il existe des cas o\u00f9 les communications pr\u00e9alables confidentielles avec les clients peuvent inclure des avertissements pr\u00e9coces sur les avis permettant aux clients de renforcer davantage leur s\u00e9curit\u00e9, qui seront ensuite rendus publics dans les prochains jours \u00e0 un public plus large. La s\u00e9curit\u00e9 de nos clients est notre premi\u00e8re priorit\u00e9. &#8220;<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/fortinet-warns-of-new-auth-bypass-flaw.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet a averti en priv\u00e9 ses clients d&#8217;une faille de s\u00e9curit\u00e9 affectant les pare-feu FortiGate et les proxys Web FortiProxy qui pourraient potentiellement permettre \u00e0 un attaquant d&#8217;effectuer des actions non autoris\u00e9es sur des appareils sensibles. Suivi comme CVE-2022-40684la faille de gravit\u00e9 \u00e9lev\u00e9e concerne un vuln\u00e9rabilit\u00e9 de contournement d&#8217;authentification qui pourrait permettre \u00e0 un adversaire [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":402718,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[34911,4168,20618,841,4158,4165,4161,33458,9048,115103,87014,115104,525,4157,4159,4171,4170,4167,4955,4160,197,4163,4162,4172,4169,196,4166,4164],"class_list":["post-402717","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-affectant","tag-comment-pirater","tag-contournement","tag-contre","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dauthentification","tag-faille","tag-fortigate","tag-fortinet","tag-fortiproxy","tag-garde","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-met","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelle","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/402717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=402717"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/402717\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/402718"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=402717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=402717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=402717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}