{"id":987008,"date":"2023-10-25T17:59:39","date_gmt":"2023-10-25T19:59:39","guid":{"rendered":"https:\/\/teknomers.com\/fr\/agissez-maintenant-vmware-publie-un-correctif-pour-la-vulnerabilite-critique-de-vcenter-server-rce\/"},"modified":"2023-10-25T17:59:44","modified_gmt":"2023-10-25T19:59:44","slug":"agissez-maintenant-vmware-publie-un-correctif-pour-la-vulnerabilite-critique-de-vcenter-server-rce","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/agissez-maintenant-vmware-publie-un-correctif-pour-la-vulnerabilite-critique-de-vcenter-server-rce\/","title":{"rendered":"Agissez maintenant\u00a0: VMware publie un correctif pour la vuln\u00e9rabilit\u00e9 critique de vCenter Server RCE"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">25 octobre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ Cybermenace<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/Agissez-maintenant-VMware-publie-un-correctif-pour-la-vulnerabilite-critique.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>VMware a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 pour corriger une faille critique dans vCenter Server qui pourrait entra\u00eener l&#8217;ex\u00e9cution de code \u00e0 distance sur les syst\u00e8mes concern\u00e9s.<\/p>\n<p>Le probl\u00e8me, suivi comme <strong>CVE-2023-34048<\/strong> (score CVSS : 9,8), a \u00e9t\u00e9 d\u00e9crit comme une vuln\u00e9rabilit\u00e9 d&#8217;\u00e9criture hors limites dans la mise en \u0153uvre du <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/DCE\/RPC\" target=\"_blank\">Protocole DCE\/RPC<\/a>.<\/p>\n<p>&#8220;Un acteur malveillant disposant d&#8217;un acc\u00e8s r\u00e9seau \u00e0 vCenter Server peut d\u00e9clencher une \u00e9criture hors limites, conduisant potentiellement \u00e0 l&#8217;ex\u00e9cution de code \u00e0 distance&#8221;, indique VMware. <a rel=\"nofollow noopener\" href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2023-0023.html\" target=\"_blank\">dit<\/a> dans un avis publi\u00e9 aujourd&#8217;hui.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/moon-i-3.1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/Cisco-met-en-garde-contre-une-vulnerabilite-dans-les-logiciels.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Grigory Dorodnov de Trend Micro Zero Day Initiative est cr\u00e9dit\u00e9 de la d\u00e9couverte et du signalement de la faille.<\/p>\n<p>VMware a d\u00e9clar\u00e9 qu&#8217;il n&#8217;existait aucune solution de contournement pour att\u00e9nuer le probl\u00e8me et que des mises \u00e0 jour de s\u00e9curit\u00e9 \u00e9taient disponibles dans les versions suivantes du logiciel\u00a0:<\/p>\n<ul>\n<li>VMware vCenter Server 8.0 (8.0U1d ou 8.0U2)<\/li>\n<li>VMware vCenter Server 7.0 (7.0U3o)<\/li>\n<li>VMware Cloud Foundation 5.x et 4.x<\/li>\n<\/ul>\n<p>Compte tenu de la criticit\u00e9 de la faille et de l&#8217;absence de mesures d&#8217;att\u00e9nuation temporaires, le fournisseur de services de virtualisation a d\u00e9clar\u00e9 qu&#8217;il mettait \u00e9galement \u00e0 disposition un correctif pour vCenter Server 6.7U3, 6.5U3 et VCF 3.x.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/cis-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1696132289_209_Les-Bing-Chat-Ads-de-Microsoft-alimentees-par-lIA-peuvent.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>La derni\u00e8re mise \u00e0 jour corrige en outre CVE-2023-34056 (score CVSS\u00a0: 4,3), une vuln\u00e9rabilit\u00e9 de divulgation partielle d&#8217;informations affectant vCenter Server qui pourrait permettre \u00e0 un acteur malveillant disposant de privil\u00e8ges non administratifs d&#8217;acc\u00e9der \u00e0 des donn\u00e9es non autoris\u00e9es.<\/p>\n<p>VMware, dans un <a rel=\"nofollow noopener\" href=\"https:\/\/core.vmware.com\/resource\/vmsa-2023-0023-questions-answers#introduction\" target=\"_blank\">FAQ s\u00e9par\u00e9e<\/a>a d\u00e9clar\u00e9 qu&#8217;il n&#8217;\u00e9tait pas au courant d&#8217;une exploitation sauvage des failles, mais a recommand\u00e9 \u00e0 ses clients d&#8217;agir rapidement pour appliquer les correctifs d\u00e8s que possible afin d&#8217;att\u00e9nuer toute menace potentielle.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/10\/act-now-vmware-releases-patch-for.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80225 octobre 2023\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9 \/ Cybermenace VMware a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 pour corriger une faille critique dans vCenter Server qui pourrait entra\u00eener l&#8217;ex\u00e9cution de code \u00e0 distance sur les syst\u00e8mes concern\u00e9s. Le probl\u00e8me, suivi comme CVE-2023-34048 (score CVSS : 9,8), a \u00e9t\u00e9 d\u00e9crit comme une vuln\u00e9rabilit\u00e9 d&#8217;\u00e9criture hors limites dans la mise [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":987009,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,20565,4168,32471,22,4165,4161,200267,4159,4171,200271,617,200268,200269,200270,185,2212,22778,128318,4172,4169,103597,211074,4166,34910,3667,4164],"class_list":["post-987008","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-agissez","tag-comment-pirater","tag-correctif","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-maintenant","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-pour","tag-publie","tag-rce","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-server","tag-vcenter","tag-violation-de-donnees","tag-vmware","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/987008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=987008"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/987008\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/987009"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=987008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=987008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=987008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}