Vulnerabilities - Week 08

Each week, the CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Cisco ClamAV
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (9.8)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.3)

Fortinet FortiNAC
https://nvd.nist.gov/vuln/detail/CVE-2022-39952 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-38375 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-40678 (7.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-39954 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-40677 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-22638 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-40675 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-38376 (6.1)

Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2021-42756 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-42761 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-30303 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-23780 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-40683 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-23782 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-25602 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-23779 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-23783 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-30306 (6.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-33871 (6.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-30300 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-23781 (6.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-23784 (5.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-30299 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-23778 (4.9)

AMI MegaRAC SPX BMC
https://nvd.nist.gov/vuln/detail/CVE-2023-25191 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-25192 (5.3)

Tribe29 Checkmk
https://nvd.nist.gov/vuln/detail/CVE-2022-46836 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-46303 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-47909 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-48321 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-48319 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-48317 (5.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-48320 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-48318 (5.3)

VMware Carbon Black App Control
https://nvd.nist.gov/vuln/detail/CVE-2023-20858 (9.1)

Argo CD
https://nvd.nist.gov/vuln/detail/CVE-2023-23947 (9.1)

Fortinet FortiWAN
https://nvd.nist.gov/vuln/detail/CVE-2022-33869 (8.8)

Fortinet FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2022-41334 (8.8)

Fortinet FortiOS / FortiProxy / FortiSwitchManager
https://nvd.nist.gov/vuln/detail/CVE-2022-41335 (8.8)

SolarWinds Platform
https://nvd.nist.gov/vuln/detail/CVE-2022-47503 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-47504 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-47506 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-47507 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-23836 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-38111 (7.2)

VMware vRealize Orchestrator
https://nvd.nist.gov/vuln/detail/CVE-2023-20855 (8.8)

Clam AntiVirus (ClamAV)
https://nvd.nist.gov/vuln/detail/CVE-2022-20803 (8.6)

Fortinet FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2022-27482 (7.8)

Cisco Nexus Dashboard
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.5)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

OpenBMC
https://nvd.nist.gov/vuln/detail/CVE-2022-35729 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-29494 (6.5)

SolarWinds Server & Application Monitor
https://nvd.nist.gov/vuln/detail/CVE-2022-47508 (7.5)

Fortinet FortiExtender
https://nvd.nist.gov/vuln/detail/CVE-2022-27489 (7.2)

Kubernetes MinIO
https://nvd.nist.gov/vuln/detail/CVE-2023-25812 (high)

Jenkins various plugins
https://www.jenkins.io/security/advisory/2023-02-15/ (high-medium)

GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22380 (n/a)

Medium

Cisco Email Security Appliance / Secure Email and Web Manager
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)

HashiCorp Nomad / Nomad Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-0821 (6.5)

IBM Security Verify Access
https://nvd.nist.gov/vuln/detail/CVE-2022-36775 (6.5)

containerd
https://nvd.nist.gov/vuln/detail/CVE-2023-25153 (6.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-25173 (5.3)

Cisco Identity Services Engine
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Elastic Kibana
https://nvd.nist.gov/vuln/detail/CVE-2022-38779 (6.1)

Dell Secure Connect Gateway (SCG)
https://nvd.nist.gov/vuln/detail/CVE-2023-23695 (5.9)

Fortinet FortiSandbox
https://nvd.nist.gov/vuln/detail/CVE-2022-26115 (5.9)

Fortinet FortiOS / FortiProxy
https://nvd.nist.gov/vuln/detail/CVE-2022-39948 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-38378 (4.2)
https://nvd.nist.gov/vuln/detail/CVE-2022-42472 (4.2)

Fortinet FortiAnalyzer
https://nvd.nist.gov/vuln/detail/CVE-2022-30304 (4.3)

Fortinet FortiOS / FortiWeb / FortiProxy / FortiSwitch
https://nvd.nist.gov/vuln/detail/CVE-2021-43074 (4.3)

Fortinet FortiPortal
https://nvd.nist.gov/vuln/detail/CVE-2022-43954 (4.3)

Octopus Server
https://nvd.nist.gov/vuln/detail/CVE-2022-2883 (medium)

Knot Resolver
https://nvd.nist.gov/vuln/detail/CVE-2023-26249 (n/a)