{"id":986078,"date":"2023-10-25T05:13:05","date_gmt":"2023-10-25T07:13:05","guid":{"rendered":"https:\/\/teknomers.com\/fr\/alerte-exploits-poc-publies-pour-les-vulnerabilites-citrix-et-vmware\/"},"modified":"2023-10-25T05:13:08","modified_gmt":"2023-10-25T07:13:08","slug":"alerte-exploits-poc-publies-pour-les-vulnerabilites-citrix-et-vmware","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/alerte-exploits-poc-publies-pour-les-vulnerabilites-citrix-et-vmware\/","title":{"rendered":"Alerte\u00a0:\u00a0exploits PoC publi\u00e9s pour les vuln\u00e9rabilit\u00e9s Citrix et VMware"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">25 octobre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Exploit\/Vuln\u00e9rabilit\u00e9<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/Alerte-exploits-PoC-publies-pour-les-vulnerabilites-Citrix-et-VMware.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Le fournisseur de services de virtualisation VMware a alert\u00e9 ses clients de l&#8217;existence d&#8217;un exploit de preuve de concept (PoC) pour une faille de s\u00e9curit\u00e9 r\u00e9cemment corrig\u00e9e dans Aria Operations for Logs.<\/p>\n<p>Suivie comme CVE-2023-34051 (score CVSS : 8,1), la vuln\u00e9rabilit\u00e9 de haute gravit\u00e9 est li\u00e9e \u00e0 un cas de contournement d&#8217;authentification pouvant conduire \u00e0 l&#8217;ex\u00e9cution de code \u00e0 distance.<\/p>\n<p>&#8220;Un acteur malveillant non authentifi\u00e9 peut injecter des fichiers dans le syst\u00e8me d&#8217;exploitation d&#8217;une appliance concern\u00e9e, ce qui peut entra\u00eener l&#8217;ex\u00e9cution de code \u00e0 distance&#8221;, indique VMware. <a rel=\"nofollow noopener\" href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2023-0021.html\" target=\"_blank\">not\u00e9<\/a> dans un avis du 19 octobre 2023.<\/p>\n<p>James Horseman d&#8217;Horizon3.ai et la Randori Attack Team ont \u00e9t\u00e9 reconnus pour avoir d\u00e9couvert et signal\u00e9 la faille.<\/p>\n<p>Horizon3.ai a depuis mis \u00e0 disposition un <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/horizon3ai\/CVE-2023-34051\" target=\"_blank\">PoC pour la vuln\u00e9rabilit\u00e9<\/a>incitant VMware \u00e0 r\u00e9viser son avis cette semaine.<\/p>\n<p>Il convient de noter que CVE-2023-34051 est un correctif de contournement pour un ensemble de failles critiques qui ont \u00e9t\u00e9 corrig\u00e9es par VMware plus t\u00f4t en janvier et qui pourraient exposer les utilisateurs \u00e0 des attaques d&#8217;ex\u00e9cution de code \u00e0 distance.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/moon-i-2.1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/Les-Bing-Chat-Ads-de-Microsoft-alimentees-par-lIA-peuvent.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;Ce patch bypass ne serait pas tr\u00e8s difficile \u00e0 trouver pour un attaquant&#8221;, a d\u00e9clar\u00e9 Horseman. <a rel=\"nofollow noopener\" href=\"https:\/\/www.horizon3.ai\/vmware-aria-operations-for-logs-cve-2023-34051-technical-deep-dive-and-iocs\/\" target=\"_blank\">dit<\/a>.  &#8220;Cette attaque met en \u00e9vidence l&#8217;importance d&#8217;une d\u00e9fense en profondeur. Un d\u00e9fenseur ne peut pas toujours \u00eatre s\u00fbr qu&#8217;un correctif officiel att\u00e9nue compl\u00e8tement une vuln\u00e9rabilit\u00e9.&#8221;<\/p>\n<p>Cette divulgation intervient alors que Citrix a publi\u00e9 son propre avis, exhortant les clients \u00e0 appliquer des correctifs pour CVE-2023-4966 (score CVSS : 9,4), une vuln\u00e9rabilit\u00e9 de s\u00e9curit\u00e9 critique affectant NetScaler ADC et NetScaler Gateway qui est activement exploit\u00e9e dans la nature.<\/p>\n<p>&#8220;Nous avons d\u00e9sormais des rapports d&#8217;incidents correspondant \u00e0 un d\u00e9tournement de session et avons re\u00e7u des rapports cr\u00e9dibles d&#8217;attaques cibl\u00e9es exploitant cette vuln\u00e9rabilit\u00e9&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/www.netscaler.com\/blog\/news\/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway\/\" target=\"_blank\">dit<\/a> cette semaine, corroborant un rapport de Mandiant, propri\u00e9t\u00e9 de Google.<\/p>\n<p>Les efforts d\u2019exploitation devraient \u00e9galement s\u2019intensifier dans les prochains jours compte tenu de la disponibilit\u00e9 d\u2019un exploit PoC, baptis\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/assetnote\/exploits\/tree\/main\/citrix\/CVE-2023-4966\" target=\"_blank\">Saignement Citrix<\/a>.<\/p>\n<p>&#8220;Ici, nous avons vu un exemple int\u00e9ressant de vuln\u00e9rabilit\u00e9 caus\u00e9e par une compr\u00e9hension incompl\u00e8te de snprintf&#8221;, a d\u00e9clar\u00e9 Dylan Pindur, chercheur chez Assetnote. <a rel=\"nofollow noopener\" href=\"https:\/\/www.assetnote.io\/resources\/research\/citrix-bleed-leaking-session-tokens-with-cve-2023-4966\" target=\"_blank\">dit<\/a>.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/cis-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1696132289_209_Les-Bing-Chat-Ads-de-Microsoft-alimentees-par-lIA-peuvent.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;M\u00eame si snprintf est recommand\u00e9 comme version s\u00e9curis\u00e9e de sprintf, il est toujours important d&#8217;\u00eatre prudent. Un d\u00e9bordement de tampon a \u00e9t\u00e9 \u00e9vit\u00e9 en utilisant snprintf mais la lecture excessive du tampon qui a suivi restait un probl\u00e8me.&#8221;<\/p>\n<p>L&#8217;exploitation active du CVE-2023-4966 a incit\u00e9 l&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) \u00e0 <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/10\/19\/cisa-adds-two-known-exploited-vulnerabilities-catalog\" target=\"_blank\">ajouter<\/a> aux vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>), obligeant les agences f\u00e9d\u00e9rales am\u00e9ricaines \u00e0 appliquer les derniers correctifs d&#8217;ici le 8 novembre 2023.<\/p>\n<p>Les derniers d\u00e9veloppements font \u00e9galement suite \u00e0 la sortie de <a rel=\"nofollow noopener\" href=\"https:\/\/documentation.solarwinds.com\/en\/success_center\/arm\/content\/release_notes\/arm_2023-2-1_release_notes.htm\" target=\"_blank\">mises \u00e0 jour<\/a> pour trois vuln\u00e9rabilit\u00e9s critiques d&#8217;ex\u00e9cution de code \u00e0 distance dans SolarWinds Access Rights Manager (<a rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-23-1564\/\" target=\"_blank\">CVE-2023-35182<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-23-1565\/\" target=\"_blank\">CVE-2023-35185<\/a>et <a rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-23-1567\/\" target=\"_blank\">CVE-2023-35187<\/a>scores CVSS : 9,8) que des attaquants distants pourraient utiliser pour ex\u00e9cuter du code avec les privil\u00e8ges SYSTEM.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/10\/alert-poc-exploits-released-for-citrix.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80225 octobre 2023\ue804R\u00e9dactionExploit\/Vuln\u00e9rabilit\u00e9 Le fournisseur de services de virtualisation VMware a alert\u00e9 ses clients de l&#8217;existence d&#8217;un exploit de preuve de concept (PoC) pour une faille de s\u00e9curit\u00e9 r\u00e9cemment corrig\u00e9e dans Aria Operations for Logs. Suivie comme CVE-2023-34051 (score CVSS : 8,1), la vuln\u00e9rabilit\u00e9 de haute gravit\u00e9 est li\u00e9e \u00e0 un cas de contournement d&#8217;authentification [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":986079,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,210953,107138,4168,4165,4161,200267,4159,4171,65,200271,200268,200269,200270,54039,185,15955,128318,4172,4169,4166,34910,4164,12365],"class_list":["post-986078","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-alerteexploits","tag-citrix","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-poc","tag-pour","tag-publies","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vmware","tag-vulnerabilite-logicielle","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/986078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=986078"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/986078\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/986079"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=986078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=986078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=986078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}