{"id":407782,"date":"2022-10-11T05:21:28","date_gmt":"2022-10-11T07:21:28","guid":{"rendered":"https:\/\/teknomers.com\/fr\/fortinet-met-en-garde-contre-lexploitation-active-dun-bogue-critique-de-contournement-dauthentification-recemment-decouvert\/"},"modified":"2022-10-11T05:21:29","modified_gmt":"2022-10-11T07:21:29","slug":"fortinet-met-en-garde-contre-lexploitation-active-dun-bogue-critique-de-contournement-dauthentification-recemment-decouvert","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/fortinet-met-en-garde-contre-lexploitation-active-dun-bogue-critique-de-contournement-dauthentification-recemment-decouvert\/","title":{"rendered":"Fortinet met en garde contre l&#8217;exploitation active d&#8217;un bogue critique de contournement d&#8217;authentification r\u00e9cemment d\u00e9couvert"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Fortinet a r\u00e9v\u00e9l\u00e9 lundi que la vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 critique r\u00e9cemment corrig\u00e9e affectant ses produits de pare-feu et de proxy est activement exploit\u00e9e dans la nature.<\/p>\n<p>Suivie comme CVE-2022-40684 (score CVSS\u00a0: 9,6), la faille concerne un contournement d&#8217;authentification dans FortiOS, FortiProxy et FortiSwitchManager qui pourrait permettre \u00e0 un attaquant distant d&#8217;effectuer des op\u00e9rations non autoris\u00e9es sur l&#8217;interface administrative via des requ\u00eates HTTP(S) sp\u00e9cialement con\u00e7ues. .<\/p>\n<p>&#8220;Fortinet est au courant d&#8217;une instance o\u00f9 cette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 exploit\u00e9e et recommande de valider imm\u00e9diatement vos syst\u00e8mes par rapport \u00e0 l&#8217;indicateur de compromis suivant dans les journaux de l&#8217;appareil\u00a0: user=&#8221;Local_Process_Access,&#8221;&#8221; la soci\u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-377\" target=\"_blank\">c&#8217;est not\u00e9<\/a> dans un avis.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>La liste des appareils concern\u00e9s est ci-dessous &#8211;<\/p>\n<ul>\n<li>FortiOS versions 7.2.0 \u00e0 7.2.1<\/li>\n<li>FortiOS versions 7.0.0 \u00e0 7.0.6<\/li>\n<li>FortiProxy version 7.2.0<\/li>\n<li>FortiProxy version 7.0.0 \u00e0 7.0.6<\/li>\n<li>FortiSwitchManager version 7.2.0, et<\/li>\n<li>FortiSwitchManager version 7.0.0<\/li>\n<\/ul>\n<p>Des mises \u00e0 jour ont \u00e9t\u00e9 publi\u00e9es par la soci\u00e9t\u00e9 de s\u00e9curit\u00e9 dans les versions 7.0.7 et 7.2.2 de FortiOS, les versions 7.0.7 et 7.2.1 de FortiProxy et la version 7.2.1 de FortiSwitchManager.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>La divulgation intervient quelques jours apr\u00e8s que Fortinet a envoy\u00e9 des &#8220;communications client confidentielles pr\u00e9alables&#8221; \u00e0 son client pour appliquer des correctifs afin d&#8217;att\u00e9nuer les attaques potentielles exploitant la faille.<\/p>\n<p>Si la mise \u00e0 jour vers la derni\u00e8re version n&#8217;est pas une option, il est recommand\u00e9 aux utilisateurs de d\u00e9sactiver l&#8217;interface d&#8217;administration HTTP\/HTTPS ou de limiter les adresses IP pouvant acc\u00e9der \u00e0 l&#8217;interface d&#8217;administration.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/fortinet-warns-of-active-exploitation.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet a r\u00e9v\u00e9l\u00e9 lundi que la vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 critique r\u00e9cemment corrig\u00e9e affectant ses produits de pare-feu et de proxy est activement exploit\u00e9e dans la nature. Suivie comme CVE-2022-40684 (score CVSS\u00a0: 9,6), la faille concerne un contournement d&#8217;authentification dans FortiOS, FortiProxy et FortiSwitchManager qui pourrait permettre \u00e0 un attaquant distant d&#8217;effectuer des op\u00e9rations non autoris\u00e9es [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":407783,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9261,6813,4168,20618,841,22,4158,4165,4161,33458,5671,74,87014,525,4157,4159,4171,4170,14592,4167,4955,4160,4163,4162,12363,4172,4169,4166,4164],"class_list":["post-407782","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-active","tag-bogue","tag-comment-pirater","tag-contournement","tag-contre","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dauthentification","tag-decouvert","tag-dun","tag-fortinet","tag-garde","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-lexploitation","tag-logiciel-malveillant-de-ransomware","tag-met","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-recemment","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/407782","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=407782"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/407782\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/407783"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=407782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=407782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=407782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}