Kwetsbaarheden - Week 04

Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners. Deze selectie wordt gezamenlijk met relevant nieuws verspreid in de Mid of Week.

De inschatting van low/medium/high wordt gemaakt op basis van de CVSS 3.1 base score van de kwetsbaarheid. 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.

Kwetsbaarheden die als low worden geclassificeerd komen niet in dit overzicht terug.

High

Cisco SD-WAN

https://nvd.nist.gov/vuln/detail/CVE-2021-1300 (9.8)

Cisco Smart Software Manager

https://nvd.nist.gov/vuln/detail/CVE-2021-1138 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-1139 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-1140 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-1141 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-1142 (9.8)

Cisco Data Center Network Manager

https://nvd.nist.gov/vuln/detail/CVE-2021-1247 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-1248 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-1272 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-1276 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-1277 (7.5)

DNSmasq

https://nvd.nist.gov/vuln/detail/CVE-2020-25681 (8.1)

https://nvd.nist.gov/vuln/detail/CVE-2020-25682 (8.1)

Oracle VirtualBox

https://nvd.nist.gov/vuln/detail/CVE-2021-2129 (7.9)

Nextcloud Server

https://nvd.nist.gov/vuln/detail/CVE-2020-8295 (7.5)

Sudo

https://nvd.nist.gov/vuln/detail/CVE-2021-3156 (7.0)

Nagios XI (Docker Config Wizard)

https://nvd.nist.gov/vuln/detail/CVE-2021-3193 (n/a)

Medium

Cisco Data Center Network Manager

https://nvd.nist.gov/vuln/detail/CVE-2021-1249 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-1250 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-1253 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-1286 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-1269 (6.3)

https://nvd.nist.gov/vuln/detail/CVE-2021-1270 (6.3)

https://nvd.nist.gov/vuln/detail/CVE-2021-1283 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-1133 (4.6)

https://nvd.nist.gov/vuln/detail/CVE-2021-1135 (4.6)

https://nvd.nist.gov/vuln/detail/CVE-2021-1255 (4.6)

Oracle VirtualBox

https://nvd.nist.gov/vuln/detail/CVE-2021-2128 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-2124 (6.0)

https://nvd.nist.gov/vuln/detail/CVE-2021-2126 (6.0)

https://nvd.nist.gov/vuln/detail/CVE-2021-2131 (6.0)

https://nvd.nist.gov/vuln/detail/CVE-2021-2125 (4.6)

https://nvd.nist.gov/vuln/detail/CVE-2021-2127 (4.4)

https://nvd.nist.gov/vuln/detail/CVE-2021-2130 (4.4)

Nextcloud Server

https://nvd.nist.gov/vuln/detail/CVE-2020-8293 (5.7)

Kubernetes

https://nvd.nist.gov/vuln/detail/CVE-2020-8554 (6.3)

https://nvd.nist.gov/vuln/detail/CVE-2020-8568 (5.8)

https://nvd.nist.gov/vuln/detail/CVE-2020-8567 (4.9)

https://nvd.nist.gov/vuln/detail/CVE-2020-8569 (4.3)

https://nvd.nist.gov/vuln/detail/CVE-2020-8570 (n/a)

DNSmasq

https://nvd.nist.gov/vuln/detail/CVE-2020-25683 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2020-25687 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2020-25684 (4.0)

https://nvd.nist.gov/vuln/detail/CVE-2020-25685 (4.0)

https://nvd.nist.gov/vuln/detail/CVE-2020-25686 (4.0)

Cisco Security Managers

https://nvd.nist.gov/vuln/detail/CVE-2021-1129 (5.3)

Xen Hypervisor

https://nvd.nist.gov/vuln/detail/CVE-2021-3308 (n/a)

OpenLDAP

https://nvd.nist.gov/vuln/detail/CVE-2020-36221 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36222 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36223 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36224 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36225 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36226 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36227 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36228 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36229 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2020-36230 (n/a)

Bent u een digitale dienstverlener en wenst u onze complete Mid of Week te ontvangen? Dan kunt u per e-mail uw aanmelding doorgeven. Vermeld hierbij het e-mailadres waar u de Mid of Week op wenst te ontvangen.