{"id":8294,"date":"2020-03-09T10:33:52","date_gmt":"2020-03-09T09:33:52","guid":{"rendered":"http:\/\/blog.actn.fr\/?p=8294"},"modified":"2020-03-09T10:33:52","modified_gmt":"2020-03-09T09:33:52","slug":"communique-sophos-vulnerabilite-dexecution-de-code-a-distance-dans-le-pare-feu-cyberoam","status":"publish","type":"post","link":"https:\/\/blog.actn.fr\/?p=8294","title":{"rendered":"SOPHOS advisory: remote code execution vulnerability in the Cyberoam firewall"},"content":{"rendered":"<p>\t\t\t\t<![CDATA[\n\n<p style=\"text-align: justify;\">A critical remote code execution vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) versions 10.6.6 MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher. The vulnerability can potentially be exploited by sending a malicious request when releasing a quarantined email, which would allow an unauthenticated remote attacker to execute arbitrary commands.<\/p>\n\n\n\n\n<p style=\"text-align: justify;\">No action is required for customers running CROS versions 10.6.2 MR1, 10.6.3 MR5, 10.6.4 and later who use the default automatic updates setting. 
The security update was installed automatically during the period from 24 to 26 February 2020.<\/p>\n\n\n\n\n<p style=\"text-align: justify;\">For customers who have disabled automatic updates, the security update is available through Sophos Support.<\/p>\n\n\n\n\n<p style=\"text-align: justify;\">As a general reminder to all Cyberoam customers: as a security best practice, please make sure you are not using the default credentials on your Cyberoam appliance.<\/p>\n\n\n\n\n<p style=\"text-align: justify;\">For the latest information, refer to article <a href=\"http:\/\/app.go.sophos.com\/e\/er?s=1777052651&amp;lid=14523&amp;elqTrackId=44fe0b19d14a4d47a1fa3214b059d466&amp;elq=7d8bd53f64f848319fe0d5125818462b&amp;elqaid=11870&amp;elqat=1\"><strong>135243<\/strong><\/a>.<\/p>\n\n\nKind regards,\n\n\n<p style=\"text-align: justify;\">The Sophos Team<\/p>\n\n\n\n\n\n<h3><span id=\"result_box\" class=\"\" lang=\"fr\"><strong><span class=\"\">+ MORE INFO\n<\/span><\/strong><\/span><\/h3>\n\n\n<strong><a href=\"http:\/\/www.actn.fr\/productlistgen14.php?tsearch=MARQSEARCH&amp;MRQ=SOPH\" target=\"_blank\" rel=\"noopener noreferrer\">See the SOPHOS range available from ACTN \u00bb<\/a><\/strong>\nFor any questions, contact our sales team on <strong>05 62 487 485.<\/strong>]]>\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"<a href=\"https:\/\/blog.actn.fr\/?p=8294\"><\/a><p>\t\t\t\t<![CDATA[]]>\t\t<!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt 
--><\/p>\n","protected":false},"author":2,"featured_media":4145,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[35],"tags":[331,332,536,1150],"class_list":["post-8294","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sophos","tag-cyberoam-2","tag-cybersecurite","tag-firewall","tag-sophos"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts\/8294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8294"}],"version-history":[{"count":0,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/wp\/v2\/posts\/8294\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?re
st_route=%2Fwp%2Fv2%2Fcategories&post=8294"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.actn.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}