{"id":989251,"date":"2023-10-27T03:22:43","date_gmt":"2023-10-27T05:22:43","guid":{"rendered":"https:\/\/teknomers.com\/fr\/f5-emet-un-avertissement-la-vulnerabilite-big-ip-permet-lexecution-de-code-a-distance\/"},"modified":"2023-10-27T03:22:46","modified_gmt":"2023-10-27T05:22:46","slug":"f5-emet-un-avertissement-la-vulnerabilite-big-ip-permet-lexecution-de-code-a-distance","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/f5-emet-un-avertissement-la-vulnerabilite-big-ip-permet-lexecution-de-code-a-distance\/","title":{"rendered":"F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution"},
"content":{"rendered":"<div>\n<p><span class=\"p-author\"><span class=\"author\">27 October 2023<\/span><span class=\"author\">Editorial<\/span><\/span><span class=\"p-tags\">Security\/Network vulnerability<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>F5 has alerted its customers to a critical security vulnerability affecting BIG-IP that could lead to unauthenticated remote code execution.<\/p>\n<p>The issue, rooted in the Configuration utility component, has been assigned the CVE identifier <strong>CVE-2023-46747<\/strong> and carries a CVSS score of 9.8 out of a maximum of 10.<\/p>\n<p>\"This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and\/or self IP addresses to execute arbitrary system commands,\" F5 <a rel=\"nofollow noopener\" href=\"https:\/\/my.f5.com\/manage\/s\/article\/K000137353\" target=\"_blank\">said<\/a> in an advisory published Thursday. \"There is no data plane exposure; this is a control plane issue only.\"<\/p>\n<p>The following BIG-IP versions have been found to be vulnerable:<\/p>\n<ul>\n<li>17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG)<\/li>\n<li>16.1.0 &#8211; 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG)<\/li>\n<li>15.1.0 &#8211; 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG)<\/li>\n<li>14.1.0 &#8211; 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG)<\/li>\n<li>13.1.0 &#8211; 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG)<\/li>\n<\/ul>\n<p>As a mitigation, F5 has also made a shell script available for users of BIG-IP 14.1.0 and later. \"This script should not be used on any BIG-IP version prior to 14.1.0, as it will prevent the Configuration utility from starting,\" the company warned.<\/p>\n<p>Other temporary workarounds available to users are below:<\/p>\n<p>Michael Weber and Thomas Hendrickson of Praetorian have been credited with discovering and reporting the vulnerability on October 4, 2023.<\/p>\n<p>The cybersecurity firm, in its own <a rel=\"nofollow noopener\" href=\"https:\/\/www.praetorian.com\/blog\/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747\/\" target=\"_blank\">technical report<\/a>, described CVE-2023-46747 as an authentication bypass issue that can lead to a total compromise of the F5 system by executing arbitrary commands as root on the target system, noting that it is \"closely related to <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-26377\" target=\"_blank\">CVE-2022-26377<\/a>\".<\/p>\n<p>Praetorian also recommends that users restrict access to the Traffic Management User Interface (TMUI) from the Internet. It is worth noting that CVE-2023-46747 is the third unauthenticated remote code execution flaw found in TMUI, after CVE-2020-5902 and CVE-2022-1388.<\/p>\n<p>\"A seemingly low-impact request smuggling bug can become a serious issue when two different services offload authentication responsibilities onto each other,\" the researchers said. \"Sending requests to the 'backend' service that assumes authentication is handled by the 'frontend' can lead to interesting behavior.\"<\/p>\n<\/div>\n<p>Source: <a href=\"https:\/\/thehackernews.com\/2023\/10\/f5-issues-warning-big-ip-vulnerability.html\" rel=\"nofollow noopener\" target=\"_blank\">The Hacker News<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>27 October 2023 Editorial Security\/Network vulnerability F5 has alerted its customers to a critical security vulnerability affecting BIG-IP that could lead to unauthenticated remote code execution. The issue, rooted in the Configuration utility component, has been assigned the CVE identifier CVE-2023-46747 and carries a CVSS score of 9.8 out of a maximum of 10. \"This vulnerability [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":989252,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4958,60488,5597,4168,4165,4161,200267,2526,4957,4159,4171,40144,200271,200268,200269,200270,9701,128318,4172,4169,4166,3667,4164],"class_list":["post-989251","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-avertissement","tag-bigip","tag-code","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-distance","tag-emet","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-lexecution","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-permet","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],
"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/989251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=989251"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/989251\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/989252"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=989251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=989251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=989251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}