{"id":21836,"date":"2026-03-23T10:04:11","date_gmt":"2026-03-23T09:04:11","guid":{"rendered":"https:\/\/blog.actn.fr\/?p=21836"},"modified":"2026-03-23T10:04:11","modified_gmt":"2026-03-23T09:04:11","slug":"bulletin-dalerte-ubiquiti-062-vulnerabilites-critiques-dans-unifi","status":"publish","type":"post","link":"https:\/\/blog.actn.fr\/?p=21836","title":{"rendered":"Ubiquiti Alert Bulletin 062: critical vulnerabilities in UniFi."},"content":{"rendered":"<h1 data-section-id=\"17miir5\" data-start=\"186\" data-end=\"259\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21846 aligncenter\" src=\"https:\/\/blog.actn.fr\/wp-content\/uploads\/2026\/03\/ubiquiti-securtiy-bulletin.jpg\" alt=\"\" width=\"600\" height=\"400\" \/><\/h1>\n<h1 style=\"text-align: justify;\" data-section-id=\"17miir5\" data-start=\"186\" data-end=\"259\"><strong>Critical vulnerabilities in UniFi (Bulletin 062)<\/strong><\/h1>\n<p>&#8211; Published: 18 March 2026<br \/>\n&#8211; Updated: 21 March 2026<\/p>\n<h2 style=\"text-align: justify;\" data-section-id=\"1gcz224\" data-start=\"261\" data-end=\"275\"><strong>Background<\/strong><\/h2>\n<p style=\"text-align: justify;\" data-start=\"276\" data-end=\"562\">On <strong data-start=\"297\" data-end=\"313\">18 March 2026<\/strong>, Ubiquiti published a major security bulletin concerning several versions of its <strong data-start=\"394\" data-end=\"411\">UniFi Network<\/strong> application. 
This alert concerns versions that are widely deployed in business and home environments.<\/p>\n<h2 style=\"text-align: justify;\" data-section-id=\"ismdmr\" data-start=\"569\" data-end=\"625\"><\/h2>\n<h2 style=\"text-align: justify;\" data-section-id=\"ismdmr\" data-start=\"569\" data-end=\"625\"><strong>Critical vulnerabilities (score up to 10\/10)<\/strong><\/h2>\n<p style=\"text-align: justify;\" data-start=\"627\" data-end=\"703\">The bulletin highlights <strong data-start=\"655\" data-end=\"683\">two security flaws<\/strong>, identified as:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"705\" data-end=\"848\">\n<li data-section-id=\"9prb18\" data-start=\"705\" data-end=\"758\"><strong data-start=\"707\" data-end=\"725\">CVE-2026-22557<\/strong> \u2192 CVSS score <strong data-start=\"739\" data-end=\"758\">10.0 (critical)<\/strong><\/li>\n<li data-section-id=\"1qtrkro\" data-start=\"759\" data-end=\"848\"><strong data-start=\"761\" data-end=\"779\">CVE-2026-22558<\/strong> \u2192 CVSS score <strong data-start=\"793\" data-end=\"808\">7.7 (high)<\/strong><\/li>\n<\/ul>\n<h3 style=\"text-align: justify;\" data-section-id=\"4ry6jp\" data-start=\"850\" data-end=\"875\"><strong>Nature of the flaws<\/strong><\/h3>\n<ul style=\"text-align: justify;\" data-start=\"876\" data-end=\"1168\">\n<li data-section-id=\"1sh3z0s\" data-start=\"876\" data-end=\"997\">A <strong data-start=\"904\" data-end=\"922\">path traversal<\/strong> vulnerability would allow an attacker to access sensitive files on the system<\/li>\n<li data-section-id=\"1gd624e\" data-start=\"998\" data-end=\"1168\">Exploitation could lead to:\n<ul data-start=\"1039\" data-end=\"1168\">\n<li data-section-id=\"1ugsoob\" data-start=\"1039\" data-end=\"1071\">unauthorized access to data<\/li>\n<li 
data-section-id=\"i1owbe\" data-start=\"1074\" data-end=\"1100\">account compromise<\/li>\n<li data-section-id=\"12r0aya\" data-start=\"1103\" data-end=\"1168\">privilege escalation<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"1170\" data-end=\"1321\">\ud83d\udc49 Important: the attack generally requires network access (local or internal), but remains <strong data-start=\"1268\" data-end=\"1320\">very dangerous in the event of an initial compromise<\/strong>.<\/p>\n<h2 style=\"text-align: justify;\" data-section-id=\"1gkhkjm\" data-start=\"1328\" data-end=\"1353\"><\/h2>\n<h2 style=\"text-align: justify;\" data-section-id=\"1gkhkjm\" data-start=\"1328\" data-end=\"1353\"><strong>Affected products<\/strong><\/h2>\n<p style=\"text-align: justify;\" data-start=\"1355\" data-end=\"1400\">The vulnerable versions include, in particular:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"1402\" data-end=\"1591\">\n<li data-section-id=\"1q47fvx\" data-start=\"1402\" data-end=\"1591\">UniFi Network Application:\n<ul data-start=\"1434\" data-end=\"1591\">\n<li data-section-id=\"hh9sa8\" data-start=\"1434\" data-end=\"1471\">versions <strong data-start=\"1445\" data-end=\"1471\">10.1.85 and earlier<\/strong><\/li>\n<li data-section-id=\"wlw6r8\" data-start=\"1474\" data-end=\"1511\">versions <strong data-start=\"1485\" data-end=\"1511\">10.2.93 and earlier<\/strong><\/li>\n<li data-section-id=\"1odm6dp\" data-start=\"1514\" data-end=\"1591\">versions <strong data-start=\"1525\" data-end=\"1551\">9.0.114 and earlier<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\" data-section-id=\"u8vfr7\" data-start=\"1598\" data-end=\"1632\"><\/h2>\n<h2 style=\"text-align: justify;\" data-section-id=\"u8vfr7\" data-start=\"1598\" data-end=\"1632\"><strong>Risks for businesses<\/strong><\/h2>\n<p style=\"text-align: justify;\" 
data-start=\"1634\" data-end=\"1672\">These vulnerabilities can allow:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"1674\" data-end=\"1821\">\n<li data-section-id=\"1yk4pb4\" data-start=\"1674\" data-end=\"1714\">Access to sensitive system files<\/li>\n<li data-section-id=\"f8az9a\" data-start=\"1715\" data-end=\"1753\">Compromise of the network controller<\/li>\n<li data-section-id=\"91jn55\" data-start=\"1754\" data-end=\"1821\">Potentially <strong data-start=\"1775\" data-end=\"1819\">full control of the UniFi infrastructure<\/strong><\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"1823\" data-end=\"1883\">In business environments, this can affect:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"1884\" data-end=\"1979\">\n<li data-section-id=\"10vs97i\" data-start=\"1884\" data-end=\"1900\">internal network<\/li>\n<li data-section-id=\"11bw95l\" data-start=\"1901\" data-end=\"1959\">connected equipment (Wi-Fi, cameras, access control)<\/li>\n<li data-section-id=\"c418ej\" data-start=\"1960\" data-end=\"1979\">critical data<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\" data-section-id=\"3urm4a\" data-start=\"1986\" data-end=\"2022\"><strong>Patches and recommendations<\/strong><\/h2>\n<p style=\"text-align: justify;\" data-start=\"2024\" data-end=\"2082\">Ubiquiti has released updates that fix these flaws.<\/p>\n<h3 style=\"text-align: justify;\" data-section-id=\"1okxtwb\" data-start=\"2084\" data-end=\"2112\">\u2705 <strong>Recommended actions:<\/strong><\/h3>\n<ul style=\"text-align: justify;\" data-start=\"2113\" data-end=\"2375\">\n<li data-section-id=\"1t2e3cz\" data-start=\"2113\" data-end=\"2174\">Update <strong data-start=\"2129\" data-end=\"2146\">immediately<\/strong> to the latest versions<\/li>\n<li data-section-id=\"155b4lr\" data-start=\"2175\" 
data-end=\"2230\">Check self-hosted instances (more exposed)<\/li>\n<li data-section-id=\"s381h7\" data-start=\"2231\" data-end=\"2285\">Restrict network access to the management interfaces<\/li>\n<li data-section-id=\"shm6gw\" data-start=\"2286\" data-end=\"2375\">Apply good practices:\n<ul data-start=\"2323\" data-end=\"2375\">\n<li data-section-id=\"1h6c13j\" data-start=\"2323\" data-end=\"2344\">network segmentation<\/li>\n<li data-section-id=\"1eqxlaf\" data-start=\"2347\" data-end=\"2375\">limiting admin access<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"2377\" data-end=\"2516\">\ud83d\udc49 Cybersecurity authorities explicitly recommend installing the patches without delay.<\/p>\n<h2 style=\"text-align: justify;\" data-section-id=\"za3wl2\" data-start=\"2523\" data-end=\"2553\"><\/h2>\n<h2 style=\"text-align: justify;\" data-section-id=\"za3wl2\" data-start=\"2523\" data-end=\"2553\"><strong>Why it matters<\/strong><\/h2>\n<p style=\"text-align: justify;\" data-start=\"2555\" data-end=\"2613\">This type of critical flaw (CVSS 10) is rare and indicates:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"2614\" data-end=\"2712\">\n<li data-section-id=\"fqns1z\" data-start=\"2614\" data-end=\"2651\">potentially simple exploitation<\/li>\n<li data-section-id=\"1uf1pa6\" data-start=\"2652\" data-end=\"2712\">maximum impact (confidentiality, integrity, availability)<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"2714\" data-end=\"2839\">This confirms a trend:<br data-start=\"2742\" data-end=\"2745\" \/>\u27a1\ufe0f network infrastructure (routers, controllers, IoT) is becoming a prime target.<\/p>\n<hr data-start=\"2841\" data-end=\"2844\" \/>\n<p style=\"text-align: justify;\" data-start=\"2877\" data-end=\"3006\"><strong 
data-start=\"2880\" data-end=\"2914\">Security Advisory Bulletin 062<\/strong> is a reminder of an essential rule:<br data-start=\"2947\" data-end=\"2950\" \/>\ud83d\udc49 <em data-start=\"2953\" data-end=\"3006\">network equipment is not \u201cset and forget\u201d<\/em><\/p>\n<p style=\"text-align: justify;\" data-start=\"3008\" data-end=\"3222\">Between regular updates and securing access, managing UniFi infrastructure must be treated as a <strong data-start=\"3129\" data-end=\"3162\">major cybersecurity concern<\/strong>, on the same footing as servers or user workstations.<\/p>\n<h3 style=\"text-align: justify;\"><strong>MORE INFO<\/strong><\/h3>\n<p style=\"text-align: justify;\"><strong><a href=\"https:\/\/community.ui.com\/releases\/Security-Advisory-Bulletin-062-062\/c29719c0-405e-4d4a-8f26-e343e99f931b\" target=\"_blank\" rel=\"noopener\">See the official bulletin page (in English)<\/a><\/strong><br \/>\n<a href=\"https:\/\/www.actn.fr\/\/catalogue\/search?search=UVC-G6\" target=\"_blank\" rel=\"noopener noreferrer\">See all UBIQUITI products available from ACTN \u00bb<\/a><br \/>\nTo find out more, contact our sales department on <strong>05 62 488 488.<\/strong><\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<a href=\"https:\/\/blog.actn.fr\/?p=21836\"><img width=\"150\" height=\"100\" src=\"https:\/\/blog.actn.fr\/wp-content\/uploads\/2026\/03\/ubiquiti-securtiy-bulletin.jpg\" class=\"alignleft tfe wp-post-image\" alt=\"\" decoding=\"async\" loading=\"lazy\" \/><\/a><p>Critical vulnerabilities in UniFi (Bulletin 062) &#8211; Published: 18 March 2026 &#8211; Updated: 21 March 2026 Background On 18 March 2026, Ubiquiti published a bulletin&hellip;<!-- AddThis 
Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":5,"featured_media":21846,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":[],"rop_publish_now_history":[],"rop_publish_now_status":"pending","_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[41],"tags":[1519,1518,1255,1271],"class_list":["post-21836","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubiquiti","tag-correctif","tag-faille-de-securite","tag-ubiquiti","tag-unifi"],"jetpack_featured_media_url":"https:\/\/blog.actn.fr\/wp-content\/uploads\/2026\/03\/ubiquiti-securtiy-bulletin.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts\/21836","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21836"}],"version-histor
y":[{"count":8,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts\/21836\/revisions"}],"predecessor-version":[{"id":21847,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts\/21836\/revisions\/21847"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/media\/21846"}],"wp:attachment":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}