Vulnerabilities - Week 04

On a weekly basis, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

VMware Aria Operations for Logs (formerly vRealize Log Insight)

https://www.vmware.com/security/advisories/VMSA-2023-0001.html (9.8-5.3)

Cisco Small Business RV042 Series

https://nvd.nist.gov/vuln/detail/CVE-2023-20025 (9.0)

https://nvd.nist.gov/vuln/detail/CVE-2023-20026 (6.5)

Cisco BroadWorks Application Delivery Platform / BroadWorks Application Server / BroadWorks Xtended Services Platform

https://nvd.nist.gov/vuln/detail/CVE-2023-20020 (8.6)

https://nvd.nist.gov/vuln/detail/CVE-2023-20019 (6.1)

Cisco IP Phone 7800 / 8800 Series Phones

https://nvd.nist.gov/vuln/detail/CVE-2023-20018 (8.6)

Dell EMC SCG Policy Manager

https://nvd.nist.gov/vuln/detail/CVE-2022-34462 (8.4)

https://nvd.nist.gov/vuln/detail/CVE-2022-34442 (8.0)

PowerDNS Recursor

https://nvd.nist.gov/vuln/detail/CVE-2023-22617 (8.2)

Cisco Unified Communications Manager

https://nvd.nist.gov/vuln/detail/CVE-2023-20010 (8.1)

Dell EMC PowerVault ME5

https://nvd.nist.gov/vuln/detail/CVE-2023-23691 (8.1)

Dell Command / Configure

https://nvd.nist.gov/vuln/detail/CVE-2022-34457 (7.3)

IBM Spectrum Virtualize

https://nvd.nist.gov/vuln/detail/CVE-2022-39167 (7.3)

Dell EMC Storage (Cloud Mobility)

https://nvd.nist.gov/vuln/detail/CVE-2023-23690 (7.0)

Jenkins (various plugins)

https://www.jenkins.io/security/advisory/2023-01-24/ (high-medium)

Kraken

https://nvd.nist.gov/vuln/detail/CVE-2022-47747 (n/a)

NGINX Proxy Manager

https://nvd.nist.gov/vuln/detail/CVE-2023-23596 (n/a)

OpenStack Swift

https://nvd.nist.gov/vuln/detail/CVE-2022-47950 (n/a)

SonicWall SMA1000 Series

https://nvd.nist.gov/vuln/detail/CVE-2023-0126 (n/a)

Medium

Cisco CX Cloud Agent

https://nvd.nist.gov/vuln/detail/CVE-2023-20043 (6.7)

https://nvd.nist.gov/vuln/detail/CVE-2023-20044 (6.7)

Cisco Webex Room Phone / Webex Share

https://nvd.nist.gov/vuln/detail/CVE-2023-20047 (6.5)

Cisco Unified Intelligence Center

https://nvd.nist.gov/vuln/detail/CVE-2023-20058 (6.1)

Cisco Network Services Orchestrator (NSO)

https://nvd.nist.gov/vuln/detail/CVE-2023-20040 (5.5)

Redis

https://nvd.nist.gov/vuln/detail/CVE-2022-35977 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-22458 (5.5)

HCL BigFix MCM

https://nvd.nist.gov/vuln/detail/CVE-2021-27782 (5.4)

Cisco Small Business RV160 / RV260 Series

https://nvd.nist.gov/vuln/detail/CVE-2023-20045 (4.9)

Cisco AsyncOS Software for Cisco Email Security Appliance (ESA)

https://nvd.nist.gov/vuln/detail/CVE-2023-20057 (4.7)

Cisco Small Business RV340 / RV340W / RV345 / RV345P

https://nvd.nist.gov/vuln/detail/CVE-2023-20007 (4.7)

Cisco TelePresence CE / RoomOS

https://nvd.nist.gov/vuln/detail/CVE-2023-20002 (4.4)

https://nvd.nist.gov/vuln/detail/CVE-2023-20008 (4.4)

Dell Networking MX Series

https://www.dell.com/support/kbdoc/nl-nl/000207814/dsa-2023-024 (medium)

Dell SmartFabric OS10

https://www.dell.com/support/kbdoc/nl-nl/000207834/dsa-2023-022-dell-em… (medium)

JetNexus/EdgeNexus ADC

https://nvd.nist.gov/vuln/detail/CVE-2022-37718 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-37719 (n/a)

ModSecurity

https://nvd.nist.gov/vuln/detail/CVE-2022-48279 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2023-24021 (n/a)