{"id":10115,"date":"2023-12-15T00:14:00","date_gmt":"2023-12-15T00:14:00","guid":{"rendered":"https:\/\/talentys.ci\/?p=10115"},"modified":"2023-12-15T14:18:40","modified_gmt":"2023-12-15T14:18:40","slug":"talentys-security-digest","status":"publish","type":"post","link":"https:\/\/talentys.ci\/en\/talentys-security-digest\/","title":{"rendered":"Talentys Security Digest 004 22 November"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"10115\" class=\"elementor elementor-10115\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-4db5036d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4db5036d\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4fac03cd\" data-id=\"4fac03cd\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6ad5b6a5 elementor-widget elementor-widget-text-editor\" data-id=\"6ad5b6a5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p class=\"MsoNormal\">Various vulnerabilities have been identified in the Cisco ISE access control platform.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d311fc6 elementor-widget elementor-widget-text-editor\" data-id=\"d311fc6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p class=\"MsoNormal\"><strong>Situation:<\/strong><\/p>\n<p>The vulnerabilities discovered make it possible to inject arbitrary commands, bypass existing security protections, or carry out cross-site scripting (XSS), which consists of injecting a malicious script into targeted web content so that it is sent back to the victim&rsquo;s browser. 
Among these vulnerabilities, CVE-2022-20964 allows an unauthenticated attacker to inject commands into the operating system underlying ISE.<\/p>\n<p class=\"MsoNormal\">\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-392f9b3 elementor-widget elementor-widget-text-editor\" data-id=\"392f9b3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p class=\"MsoNormal\"><strong>Affected systems:<\/strong><\/p>\n<ul>\n<li>Cisco Identity Services Engine versions earlier than 3.1p6<\/li>\n<li>Cisco Identity Services Engine versions earlier than 3.2p1<\/li>\n<\/ul>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a0537c elementor-widget elementor-widget-text-editor\" data-id=\"4a0537c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p class=\"MsoNormal\"><strong>Recommendations:<\/strong><\/p>\n<p>Pending the releases that include the fixes, please refer to the following Cisco resources:<\/p>\n<p><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ise-7Q4TNYUx\">https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ise-7Q4TNYUx<\/a><\/p>\n<p><a href=\"https:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/csa\/cisco-sa-ise-xss-twLnpy3M.html\">https:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/csa\/cisco-sa-ise-xss-twLnpy3M.html<\/a><\/p>\n<p><strong>Source file<\/strong><\/p>\n<p><a 
href=\"http:\/\/talentys.ci\/wp-content\/uploads\/2023\/01\/Talentys-Security-Digest-004-Nov-22.pdf\">Download the source file<\/a><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Various vulnerabilities have been identified in the Cisco ISE access control platform.\u00a0 Situation: The vulnerabilities discovered make it possible to inject arbitrary commands, bypass existing security protections, or carry out cross-site scripting (XSS), which consists of injecting a malicious script into targeted web content so that it is sent back to the browser [&hellip;]<\/p>","protected":false},"author":1,"featured_media":10841,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[79],"tags":[81],"class_list":["post-10115","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-talentys-security-digest","tag-talentys-security-digest"],"_links":{"self":[{"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/posts\/10115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/comments?post=10115"}],"version-history":[{"count":0,"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/posts\/10115\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/media\/10841
"}],"wp:attachment":[{"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/media?parent=10115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/categories?post=10115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/talentys.ci\/en\/wp-json\/wp\/v2\/tags?post=10115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}