{"id":510073,"date":"2022-12-14T03:31:27","date_gmt":"2022-12-14T05:31:27","guid":{"rendered":"https:\/\/teknomers.com\/fr\/les-pirates-exploitent-activement-citrix-adc-et-la-vulnerabilite-zero-day-de-gateway\/"},"modified":"2022-12-14T03:31:29","modified_gmt":"2022-12-14T05:31:29","slug":"les-pirates-exploitent-activement-citrix-adc-et-la-vulnerabilite-zero-day-de-gateway","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/les-pirates-exploitent-activement-citrix-adc-et-la-vulnerabilite-zero-day-de-gateway\/","title":{"rendered":"Les pirates exploitent activement Citrix ADC et la vuln\u00e9rabilit\u00e9 Zero-Day de Gateway"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">14 d\u00e9cembre 2022<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 des applications \/ Zero-Day<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>La National Security Agency (NSA) des \u00c9tats-Unis, mardi <a rel=\"nofollow noopener\" href=\"https:\/\/media.defense.gov\/2022\/Dec\/13\/2003131586\/-1\/-1\/0\/CSA-APT5-CITRIXADC-V1.PDF\" target=\"_blank\">a dit<\/a> un acteur malveillant suivi sous le nom d&#8217;APT5 exploite activement une faille zero-day dans Citrix Application Delivery Controller (ADC) et Gateway pour prendre le contr\u00f4le des syst\u00e8mes concern\u00e9s.<\/p>\n<p>La vuln\u00e9rabilit\u00e9 critique d&#8217;ex\u00e9cution de code \u00e0 distance, identifi\u00e9e comme <a rel=\"nofollow noopener\" href=\"https:\/\/www.citrix.com\/blogs\/2022\/12\/13\/critical-security-update-now-available-for-citrix-adc-citrix-gateway\/\" target=\"_blank\">CVE-2022-27518<\/a>pourrait permettre \u00e0 un attaquant non authentifi\u00e9 d&#8217;ex\u00e9cuter des commandes \u00e0 distance sur des appareils vuln\u00e9rables et d&#8217;en prendre le contr\u00f4le.<\/p>\n<p>Une exploitation r\u00e9ussie n\u00e9cessite cependant que l&#8217;appliance Citrix ADC ou Citrix Gateway soit configur\u00e9e en tant que fournisseur de services SAML (SP) ou fournisseur d&#8217;identit\u00e9 SAML (IdP).<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/uptycs-inside\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/12\/1670949871_285_De-graves-attaques-auraient-pu-etre-mises-en-scene-via.png\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Les versions suivantes prises en charge de Citrix ADC et Citrix Gateway sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 &#8211;<\/p>\n<ul>\n<li>Citrix ADC et Citrix Gateway 13.0 avant 13.0-58.32<\/li>\n<li>Citrix ADC et Citrix Gateway 12.1 avant 12.1-65.25<\/li>\n<li>Citrix ADC 12.1-FIPS avant 12.1-55.291<\/li>\n<li>Citrix ADC 12.1-NDcPP avant 12.1-55.291<\/li>\n<\/ul>\n<p>Citrix ADC et Citrix Gateway versions 13.1 ne sont pas impact\u00e9s.  La soci\u00e9t\u00e9 a \u00e9galement d\u00e9clar\u00e9 qu&#8217;aucune solution de contournement n&#8217;\u00e9tait disponible &#8220;au-del\u00e0 de la d\u00e9sactivation de l&#8217;authentification SAML ou de la mise \u00e0 niveau vers une version actuelle&#8221;.<\/p>\n<p>Le fournisseur de services de virtualisation a d\u00e9clar\u00e9 \u00eatre au courant d&#8217;un &#8220;petit nombre d&#8217;attaques cibl\u00e9es dans la nature&#8221; utilisant la faille, exhortant les clients \u00e0 appliquer le dernier correctif aux syst\u00e8mes non att\u00e9nu\u00e9s.<\/p>\n<p><a rel=\"nofollow noopener\" href=\"https:\/\/www.mandiant.com\/resources\/insights\/apt-groups#:~:text=to%20the%20group.-,APT5,-Suspected%20attribution%3A%20China\" target=\"_blank\">APT5<\/a>, \u00e9galement connu sous le nom de Bronze Fleetwood, Keyhole Panda, Manganese et UNC2630, est cens\u00e9 op\u00e9rer au nom d&#8217;int\u00e9r\u00eats chinois.  L&#8217;ann\u00e9e derni\u00e8re, Mandiant a r\u00e9v\u00e9l\u00e9 une activit\u00e9 d&#8217;espionnage ciblant des march\u00e9s verticaux qui correspondait aux priorit\u00e9s du gouvernement d\u00e9crites dans le 14e plan quinquennal de la Chine.<\/p>\n<p>Ces attaques impliquaient l&#8217;abus d&#8217;une faille alors divulgu\u00e9e dans les appareils VPN Pulse Secure (CVE-2021-22893, score CVSS\u00a0: 10,0) pour d\u00e9ployer des shells Web malveillants et exfiltrer des informations pr\u00e9cieuses des r\u00e9seaux d&#8217;entreprise.<\/p>\n<p>&#8220;APT5 a d\u00e9montr\u00e9 ses capacit\u00e9s par rapport aux d\u00e9ploiements de Citrix Application Delivery Controller&#8221;, a d\u00e9clar\u00e9 la NSA.  &#8220;Cibler les Citrix ADC peut faciliter l&#8217;acc\u00e8s ill\u00e9gitime aux organisations cibl\u00e9es en contournant les contr\u00f4les d&#8217;authentification normaux.&#8221;<\/p>\n<p>Microsoft, le mois dernier, a soulign\u00e9 l&#8217;histoire des acteurs chinois de la menace consistant \u00e0 d\u00e9couvrir et \u00e0 utiliser les jours z\u00e9ro \u00e0 leur avantage avant d&#8217;\u00eatre r\u00e9cup\u00e9r\u00e9s par d&#8217;autres collectifs adversaires dans la nature.<\/p>\n<p>La nouvelle du bogue Citrix survient \u00e9galement un jour apr\u00e8s que Fortinet a r\u00e9v\u00e9l\u00e9 une vuln\u00e9rabilit\u00e9 grave qui facilite \u00e9galement l&#8217;ex\u00e9cution de code \u00e0 distance dans les appareils FortiOS SSL-VPN (CVE-2022-42475, score CVSS\u00a0: 9,3).<\/p>\n<h3>VMWare publie des mises \u00e0 jour pour les vuln\u00e9rabilit\u00e9s d&#8217;ex\u00e9cution de code<\/h3>\n<p>Dans un d\u00e9veloppement connexe, VMware <a rel=\"nofollow noopener\" href=\"https:\/\/www.vmware.com\/security\/advisories.html\" target=\"_blank\">divulgu\u00e9<\/a> d\u00e9tails de deux failles critiques affectant ESXi, Fusion, Workstation et vRealize Network Insight (vRNI) qui pourraient entra\u00eener l&#8217;injection de commandes et l&#8217;ex\u00e9cution de code.<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0031.html\" target=\"_blank\"><strong>CVE-2022-31702<\/strong><\/a>  (score CVSS\u00a0: 9,8) &#8211; Vuln\u00e9rabilit\u00e9 d&#8217;injection de commande dans vRNI<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0031.html\" target=\"_blank\"><strong>CVE-2022-31703<\/strong><\/a>  (Score CVSS\u00a0: 7,5) &#8211; Vuln\u00e9rabilit\u00e9 de travers\u00e9e de r\u00e9pertoire dans vRNI<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0033.html\" target=\"_blank\"><strong>CVE-2022-31705<\/strong><\/a>  (Score CVSS\u00a0: 5,9\/9,3) &#8211; Vuln\u00e9rabilit\u00e9 d&#8217;\u00e9criture hors limites du tas dans le contr\u00f4leur EHCI<\/li>\n<\/ul>\n<p>&#8220;Sur ESXi, l&#8217;exploitation est contenue dans le bac \u00e0 sable VMX alors que, sur Workstation et Fusion, cela peut conduire \u00e0 l&#8217;ex\u00e9cution de code sur la machine o\u00f9 Workstation ou Fusion est install\u00e9&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9 dans un bulletin de s\u00e9curit\u00e9 pour CVE-2022-31705.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/12\/hackers-actively-exploiting-citrix-adc.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80214 d\u00e9cembre 2022\ue804Ravie LakshmananS\u00e9curit\u00e9 des applications \/ Zero-Day La National Security Agency (NSA) des \u00c9tats-Unis, mardi a dit un acteur malveillant suivi sous le nom d&#8217;APT5 exploite activement une faille zero-day dans Citrix Application Delivery Controller (ADC) et Gateway pour prendre le contr\u00f4le des syst\u00e8mes concern\u00e9s. La vuln\u00e9rabilit\u00e9 critique d&#8217;ex\u00e9cution de code \u00e0 distance, identifi\u00e9e [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":510074,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4807,15148,107138,4168,4158,4165,4161,8736,72147,4157,4159,4171,4170,65,4167,4160,4163,4162,4394,4172,4169,4166,3667,4164,35759],"class_list":["post-510073","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-activement","tag-adc","tag-citrix","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-exploitent","tag-gateway","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pirates","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle","tag-zeroday"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/510073","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=510073"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/510073\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/510074"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=510073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=510073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=510073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}