{"id":412825,"date":"2022-10-14T02:30:33","date_gmt":"2022-10-14T04:30:33","guid":{"rendered":"https:\/\/teknomers.com\/fr\/exploit-poc-publie-pour-le-bogue-critique-fortinet-auth-bypass-sous-des-attaques-actives\/"},"modified":"2022-10-14T02:30:35","modified_gmt":"2022-10-14T04:30:35","slug":"exploit-poc-publie-pour-le-bogue-critique-fortinet-auth-bypass-sous-des-attaques-actives","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/exploit-poc-publie-pour-le-bogue-critique-fortinet-auth-bypass-sous-des-attaques-actives\/","title":{"rendered":"Exploit PoC publi\u00e9 pour le bogue critique Fortinet Auth Bypass sous des attaques actives"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Un code d&#8217;exploitation de preuve de concept (PoC) a \u00e9t\u00e9 mis \u00e0 disposition pour la faille de s\u00e9curit\u00e9 critique r\u00e9cemment r\u00e9v\u00e9l\u00e9e affectant Fortinet FortiOS, FortiProxy et FortiSwitchManager, ce qui oblige les utilisateurs \u00e0 agir rapidement pour appliquer les correctifs.<\/p>\n<p>&#8220;FortiOS expose un portail Web de gestion qui permet \u00e0 un utilisateur de configurer le syst\u00e8me&#8221;, a d\u00e9clar\u00e9 le chercheur d&#8217;Horizon3.ai, James Horseman. <a rel=\"nofollow noopener\" href=\"https:\/\/www.horizon3.ai\/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684\/\" target=\"_blank\">a dit<\/a>.  &#8220;De plus, un utilisateur peut SSH dans le syst\u00e8me qui expose une interface CLI verrouill\u00e9e.&#8221;<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>Le probl\u00e8me, suivi comme CVE-2022-40684 (score CVSS\u00a0: 9,6), concerne un <a rel=\"nofollow noopener\" href=\"https:\/\/www.horizon3.ai\/fortinet-iocs-cve-2022-40684\/\" target=\"_blank\">contournement d&#8217;authentification<\/a> vuln\u00e9rabilit\u00e9 qui pourrait permettre \u00e0 un attaquant distant d&#8217;effectuer des op\u00e9rations malveillantes sur l&#8217;interface d&#8217;administration via des requ\u00eates HTTP(S) sp\u00e9cialement con\u00e7ues.<\/p>\n<p>Une exploitation r\u00e9ussie de la lacune revient \u00e0 accorder un acc\u00e8s complet &#8220;pour faire \u00e0 peu pr\u00e8s n&#8217;importe quoi&#8221; sur le syst\u00e8me affect\u00e9, y compris la modification des configurations r\u00e9seau, l&#8217;ajout d&#8217;utilisateurs malveillants et l&#8217;interception du trafic r\u00e9seau.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"700\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/10\/1665721833_252_Exploit-PoC-publie-pour-le-bogue-critique-Fortinet-Auth-Bypass.jpg\" \/><\/div>\n<p>Cela dit, la soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9 a d\u00e9clar\u00e9 qu&#8217;il y avait deux conditions pr\u00e9alables essentielles pour faire une telle demande &#8211;<\/p>\n<ul>\n<li>En utilisant l&#8217;en-t\u00eate Forwarded, un attaquant est capable de positionner le client_ip \u00e0 &#8220;127.0.0.1&#8221;<\/li>\n<li>Le contr\u00f4le d&#8217;authentification &#8220;acc\u00e8s de confiance&#8221; v\u00e9rifie que le client_ip est &#8220;127.0.0.1&#8221; et que l&#8217;agent utilisateur est &#8220;Report Runner&#8221;, tous deux sous le contr\u00f4le de l&#8217;attaquant<\/li>\n<\/ul>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>La publication du PoC intervient alors que Fortinet a averti qu&#8217;il \u00e9tait d\u00e9j\u00e0 au courant d&#8217;un cas d&#8217;exploitation active de la faille dans la nature, ce qui a incit\u00e9 la Cybersecurity and Infrastructure Security Agency (CISA) des \u00c9tats-Unis \u00e0 publier un avis exhortant les agences f\u00e9d\u00e9rales \u00e0 corriger la faille d&#8217;ici novembre. 1, 2022.<\/p>\n<p>La soci\u00e9t\u00e9 de renseignements sur les menaces GreyNoise a <a rel=\"nofollow noopener\" href=\"https:\/\/viz.greynoise.io\/tag\/fortios-authentication-bypass-attempt?days=30\" target=\"_blank\">d\u00e9tect\u00e9<\/a> 12 adresses IP uniques militarisant CVE-2022-40684 au 13 octobre 2022, avec une majorit\u00e9 d&#8217;entre elles <a rel=\"nofollow noopener\" href=\"https:\/\/viz.greynoise.io\/query\/?gnql=cve%3ACVE-2022-40684\" target=\"_blank\">situ\u00e9<\/a> en Allemagne, suivi du Br\u00e9sil, des \u00c9tats-Unis, de la Chine et de la France.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/poc-exploit-released-for-critical.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Un code d&#8217;exploitation de preuve de concept (PoC) a \u00e9t\u00e9 mis \u00e0 disposition pour la faille de s\u00e9curit\u00e9 critique r\u00e9cemment r\u00e9v\u00e9l\u00e9e affectant Fortinet FortiOS, FortiProxy et FortiSwitchManager, ce qui oblige les utilisateurs \u00e0 agir rapidement pour appliquer les correctifs. &#8220;FortiOS expose un portail Web de gestion qui permet \u00e0 un utilisateur de configurer le syst\u00e8me&#8221;, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":412826,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[21116,8074,116602,6813,116603,4168,22,4158,4165,4161,133,3010,87014,4157,4159,4171,4170,4167,4160,4163,4162,54039,185,2212,4172,4169,367,4166,4164],"class_list":["post-412825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actives","tag-attaques","tag-auth","tag-bogue","tag-bypass","tag-comment-pirater","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-exploit","tag-fortinet","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-poc","tag-pour","tag-publie","tag-securite-informatique","tag-securite-internet","tag-sous","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/412825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=412825"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/412825\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/412826"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=412825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=412825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=412825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}