{"id":7811,"date":"2019-10-11T09:10:34","date_gmt":"2019-10-11T07:10:34","guid":{"rendered":"http:\/\/blog.actn.fr\/?p=7811"},"modified":"2019-10-11T09:10:34","modified_gmt":"2019-10-11T07:10:34","slug":"communique-sophos-cyberoam-firewall-remote-code-execution-vulnerability","status":"publish","type":"post","link":"https:\/\/blog.actn.fr\/?p=7811","title":{"rendered":"SOPHOS Advisory: Cyberoam Firewall Remote Code Execution Vulnerability"},"content":{"rendered":"<p>\t\t\t\t<![CDATA[<img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4145 aligncenter\" src=\"http:\/\/blog.actn.fr\/wp-content\/uploads\/2016\/04\/Logo-Sophos-250-50.png\" alt=\"\" width=\"250\" height=\"50\" \/>\n\nSophos has issued an advisory for all users of Cyberoam firewalls:\n\n<em><strong>Dear Sophos user,<\/strong><\/em>\n\n\n<p style=\"text-align: justify;\"><em><strong>A critical shell injection vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6 MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.<\/strong><\/em><\/p>\n\n\n\n\n<p style=\"text-align: justify;\"><em><strong>The vulnerability can potentially be exploited by sending a malicious request to the Web Admin or SSL VPN consoles, which would allow an unauthenticated remote attacker to execute arbitrary commands.<\/strong><\/em><\/p>\n\n\n\n\n<p style=\"text-align: justify;\"><em><strong>For customers running CROS version 10.6.4 and later, which use automatic updates by default, the security update has been installed automatically since 30 September 2019 and no action is 
required. For customers who keep automatic updates disabled or who cannot receive them, the fix is available through Sophos Support.<\/strong><\/em><\/p>\n\n\n\n\n<p style=\"text-align: justify;\"><em><strong>For the latest information, please see Knowledge Base article <a href=\"http:\/\/app.go.sophos.com\/e\/er?s=1777052651&amp;lid=11643&amp;elqTrackId=f35825d1f55f4a358760198f1f6ad5ac&amp;elq=1ab543bd4461489a918e263aa1c3e3e0&amp;elqaid=9827&amp;elqat=1\" target=\"_blank\" rel=\"noopener noreferrer\">134732<\/a>.<\/strong><\/em><\/p>\n\n\n\n\n<p style=\"text-align: justify;\"><strong><em>Contact your Sophos Channel representative if you have any questions.<\/em><\/strong><\/p>\n\n\n<strong><em>Your Sophos team<\/em><\/strong>\n<strong><em> \u00a0<\/em><\/strong>\n\n<a href=\"http:\/\/app.go.sophos.com\/e\/es?s=1777052651&amp;e=906480&amp;elqTrackId=e279c511881c468c9c136eeb565cb711&amp;elq=1ab543bd4461489a918e263aa1c3e3e0&amp;elqaid=9827&amp;elqat=1\" target=\"_blank\" rel=\"noopener noreferrer\">Original English version of the advisory \u00bb<\/a>\n\n\n<h3><span id=\"result_box\" class=\"\" lang=\"fr\"><strong><span class=\"\">MORE INFO\n<\/span><\/strong><\/span><\/h3>\n\n\n<strong><a href=\"http:\/\/www.actn.fr\/productlistgen14.php?tsearch=MARQSEARCH&amp;MRQ=SOPH\" target=\"_blank\" rel=\"noopener noreferrer\">See the SOPHOS range available from ACTN \u00bb<\/a><\/strong>\nFor any questions, contact our sales team on <strong>05 62 487 485.<\/strong>]]>\t\t<\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<a href=\"https:\/\/blog.actn.fr\/?p=7811\"><\/a><p>\t\t\t\t<![CDATA[]]>\t\t<!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on 
get_the_excerpt --><\/p>\n","protected":false},"author":2,"featured_media":4145,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[35],"tags":[331,536,1150,1288],"class_list":["post-7811","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sophos","tag-cyberoam-2","tag-firewall","tag-sophos","tag-utm"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts\/7811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7811"}],"version-history":[{"count":0,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts\/7811\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.actn.fr\/index
.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}