{"id":442553,"date":"2022-11-01T22:45:23","date_gmt":"2022-11-02T00:45:23","guid":{"rendered":"https:\/\/teknomers.com\/fr\/vulnerabilite-rce-critique-signalee-dans-la-solution-de-sauvegarde-de-serveur-connectwise\/"},"modified":"2022-11-01T22:45:25","modified_gmt":"2022-11-02T00:45:25","slug":"vulnerabilite-rce-critique-signalee-dans-la-solution-de-sauvegarde-de-serveur-connectwise","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/vulnerabilite-rce-critique-signalee-dans-la-solution-de-sauvegarde-de-serveur-connectwise\/","title":{"rendered":"Vuln\u00e9rabilit\u00e9 RCE critique signal\u00e9e dans la solution de sauvegarde de serveur ConnectWise"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>La plate-forme logicielle de gestion des services informatiques ConnectWise a publi\u00e9 des correctifs logiciels pour une vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 critique dans Recover et R1Soft Server Backup Manager (SBM).<\/p>\n<p>Le probl\u00e8me, <a rel=\"nofollow noopener\" href=\"https:\/\/cwe.mitre.org\/data\/definitions\/74.html\" target=\"_blank\">caract\u00e9ris\u00e9<\/a> en tant que \u00ab\u00a0neutralisation d&#8217;\u00e9l\u00e9ments sp\u00e9ciaux dans la sortie utilis\u00e9s par un composant en aval\u00a0\u00bb, pourrait \u00eatre utilis\u00e9 abusivement pour entra\u00eener l&#8217;ex\u00e9cution de code \u00e0 distance ou la divulgation d&#8217;informations sensibles.<\/p>\n<p>L&#8217;avis de ConnectWise note que la faille affecte Recover v2.9.7 et versions ant\u00e9rieures, ainsi que R1Soft SBM v6.16.3 et versions ant\u00e9rieures, sont affect\u00e9es par la faille critique.<\/p>\n<p>\u00c0 la base, le probl\u00e8me est li\u00e9 \u00e0 une vuln\u00e9rabilit\u00e9 de contournement d&#8217;authentification en amont dans le framework d&#8217;application Web Ajax open source ZK (<a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-36537\" target=\"_blank\">CVE-2022-36537<\/a>), qui a \u00e9t\u00e9 initialement corrig\u00e9 en mai 2022.<\/p>\n<p><iframe loading=\"lazy\" title=\"Backup Server Hacked - SUPPLY CHAIN Code Execution\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/HnS9o9E7rhY?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>&#8220;Les SBM ConnectWise Recover concern\u00e9s ont \u00e9t\u00e9 automatiquement mis \u00e0 jour vers la derni\u00e8re version de Recover (v2.9.9)&#8221;, la soci\u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/www.connectwise.com\/company\/trust\/security-bulletins\/r1soft-and-recover-security-bulletin\" target=\"_blank\">a dit<\/a>exhortant les clients \u00e0 passer \u00e0 <a rel=\"nofollow noopener\" href=\"https:\/\/wiki.r1soft.com\/display\/ServerBackupManager\/Server+Backup+6.16.4+Release+Notes\" target=\"_blank\">SBM v6.16.4<\/a> exp\u00e9di\u00e9 le 28 octobre 2022.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"ConnectWise\" border=\"0\" data-original-height=\"553\" data-original-width=\"728\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEg3oNMXb-TwOtHTg7K7pouqbIR0bqzgx3I5K3GAif-SDPwSu78jtGGsKUQrwfHKBZjw1Lg_EOb3GqJSSPG3lMVRprzjIL2but2QV1Hv4rqieP-mghDwmkeUfe_fl2rMCNeHTDA7Mu7Yc6ENINsndFNX5TO-2SG8Fx2vhcnpTYMRtcjAtQ3aK1g38Mn2\/s728-e1000\/shodan.jpg\" title=\"ConnectWise\" \/><\/div>\n<p>Entreprise de cybers\u00e9curit\u00e9 Huntress <a rel=\"nofollow noopener\" href=\"https:\/\/www.huntress.com\/blog\/critical-vulnerability-disclosure-connectwise\/r1soft-server-backup-manager-remote-code-execution-supply-chain-risks\" target=\"_blank\">a dit<\/a> il a identifi\u00e9 &#8220;plus de 5 000 instances de sauvegarde de gestionnaire de serveur expos\u00e9es&#8221;, exposant potentiellement les entreprises aux risques de la cha\u00eene d&#8217;approvisionnement.<\/p>\n<p>Bien qu&#8217;il n&#8217;y ait aucune preuve d&#8217;exploitation active de la vuln\u00e9rabilit\u00e9 dans la nature, une preuve de concept con\u00e7ue par les chercheurs de Huntress John Hammond et Caleb Stewart montre qu&#8217;il peut \u00eatre abus\u00e9 pour contourner l&#8217;authentification, obtenir l&#8217;ex\u00e9cution de code \u00e0 distance sur SBM et pousser LockBit 3.0 ransomware \u00e0 tous les terminaux en aval.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/Vulnerabilite-RCE-critique-signalee-dans-la-solution-de-sauvegarde-de.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>&#8220;Il est important de noter que la vuln\u00e9rabilit\u00e9 ZK en amont affecte non seulement R1Soft, mais \u00e9galement toute application utilisant une version non corrig\u00e9e du framework ZK&#8221;, ont d\u00e9clar\u00e9 les chercheurs.<\/p>\n<p>&#8220;L&#8217;acc\u00e8s qu&#8217;un attaquant peut obtenir en utilisant cette vuln\u00e9rabilit\u00e9 de contournement d&#8217;authentification est sp\u00e9cifique \u00e0 l&#8217;application exploit\u00e9e, mais il existe un risque s\u00e9rieux que d&#8217;autres applications soient affect\u00e9es de la m\u00eame mani\u00e8re que R1Soft Server Backup Manager.&#8221;<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/11\/critical-rce-vulnerability-reported-in.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>La plate-forme logicielle de gestion des services informatiques ConnectWise a publi\u00e9 des correctifs logiciels pour une vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 critique dans Recover et R1Soft Server Backup Manager (SBM). Le probl\u00e8me, caract\u00e9ris\u00e9 en tant que \u00ab\u00a0neutralisation d&#8217;\u00e9l\u00e9ments sp\u00e9ciaux dans la sortie utilis\u00e9s par un composant en aval\u00a0\u00bb, pourrait \u00eatre utilis\u00e9 abusivement pour entra\u00eener l&#8217;ex\u00e9cution de code [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":442555,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4168,121277,22,4158,4165,4161,429,4157,4159,4171,4170,4167,4160,4163,4162,22778,20072,4172,4169,32855,9499,7189,4166,3667,4164],"class_list":["post-442553","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-comment-pirater","tag-connectwise","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-rce","tag-sauvegarde","tag-securite-informatique","tag-securite-internet","tag-serveur","tag-signalee","tag-solution","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/442553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=442553"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/442553\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/442555"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=442553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=442553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=442553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}